Windows 11 just got a big upgrade to protect you from phishing attacks — here’s how it works


Falling victim to a phishing attack can be bad enough on its own, but hackers can take complete control of your PC if your Windows password falls into the wrong hands. This is why Microsoft is implementing a new phishing protection feature in Windows 11.

As reported by BleepingComputer, Microsoft is expanding Windows 11’s Enhanced Phishing Protection with a new feature that will warn users when they copy and paste their Windows password into both websites and documents.

The software giant first introduced its Enhanced Phishing Protection feature with the release of Windows 11 22H2 to protect users’ Windows credentials from being stolen by hackers. However, this security feature only warned users when they manually typed their Windows password into a document or a login page on a website.

While it’s highly recommended that you use one of the best password managers to securely store and autofill your passwords, many users still prefer to do things the old-fashioned way by copying and pasting them from a list. Now though, Microsoft is adding copy and paste protection to its Windows Enhanced Phishing Protection program.

How to enable Enhanced Phishing Protection in Windows 11

Once enabled, this updated security feature will show a prompt about the dangers of password reuse when Windows 11 users copy and paste their Windows passwords into a document or on a website. 

As password reuse can allow hackers to gain access to your other accounts once they have one of your passwords, Microsoft now recommends that users change their local Windows account password once they’ve been found copying and pasting it. 

It’s worth noting that the company’s Phishing protection isn’t enabled by default in Windows 11 and you will need to turn it on manually for the extra protection it provides. This can be done by going to Windows Security > App & browser control > Reputation-based protection and then Phishing protection. Here, you’ll want to toggle the switch to on and add checkmarks to the other options below it.
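For administrators who manage these settings through Group Policy or MDM rather than the Windows Security app, the following added example (not from the original article or from Microsoft) reports which of the phishing protection options are enforced by policy. It assumes the policy values are stored under the `WTDS\Components` policy key shown in the script; the function name `Get-PhishingProtectionPolicy` is hypothetical, and a value that is absent only means the option is not set by policy, so the user's own toggles apply.

```powershell
# Added example: audits the policy-managed state of Enhanced Phishing Protection.
# Assumption: Group Policy / MDM writes the values under the key below.
# A missing value means "not set by policy", not "turned off by the user".
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components'

# Policy value name -> what a value of 1 turns on
$Expected = [ordered]@{
    ServiceEnabled      = 'Enhanced Phishing Protection service'
    NotifyMalicious     = 'Warn when the password is entered into a malicious site or app'
    NotifyPasswordReuse = 'Warn when the Windows password is reused'
    NotifyUnsafeApp     = 'Warn when the password is stored in a document or text editor'
}

function Get-PhishingProtectionPolicy {
    param([string]$Key = $PolicyKey)

    # The key does not exist at all on machines with no policy applied.
    $props = $null
    if (Test-Path -LiteralPath $Key) {
        $props = Get-ItemProperty -LiteralPath $Key
    }

    foreach ($name in $Expected.Keys) {
        $value = $null
        if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
            $value = $props.$name
        }

        if     ($null -eq $value) { $state = 'NotConfigured' }
        elseif ($value -eq 1)     { $state = 'Enabled' }
        elseif ($value -eq 0)     { $state = 'Disabled' }
        else                      { $state = "Unexpected($value)" }

        [pscustomobject]@{ Setting = $name; State = $state; Purpose = $Expected[$name] }
    }
}

$report = @(Get-PhishingProtectionPolicy)
$report | Format-Table -AutoSize

# Flag anything that policy does not force on, including the copy/paste reuse warning.
$gaps = @($report | Where-Object { $_.State -ne 'Enabled' })
if ($gaps.Count -gt 0) {
    Write-Warning ('Not enforced by policy: ' + ($gaps.Setting -join ', '))
}
```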

According to BleepingComputer, Windows Enhanced Phishing Protection now works with Firefox and Excel — though it still doesn’t work with third-party note-taking apps like Notepad2 or Notepad++. 

If you manually enter your password to log in to one of the best Windows laptops, you’ll be able to see these new warning messages when you copy and paste or type out your Windows password in documents or on webpages. However, if you use Windows Hello, the Windows 11 Phishing protection doesn’t work as you’re already using an extra layer of security in the form of a PIN or biometrics when logging into your computer.

Staying safe from phishing attacks on your Windows PC 


Even with Windows Enhanced Phishing Protection enabled, you still need to be on the lookout for phishing emails and attacks in order to stay safe online.

As such, you want to be really careful when opening emails from unknown senders while avoiding clicking on any links or attachments they may contain. If an email has a blank subject line or has one that looks suspicious, it’s best to just ignore it.

Another thing to look out for in phishing emails is a sense of urgency. Hackers and other cybercriminals often try to elicit an emotional response to get potential victims to respond to their messages. This is why you’re going to want to try and keep a clear head when going through your inbox as hackers will often trick you by providing a deadline you need to respond by or risk losing access to one of your accounts.

By following these tips and enabling Windows Enhanced Phishing Protection, you’re one step closer to staying safe from hackers. However, you should also install one of the best antivirus software suites on your computers just in case malware does manage to arrive on your PC via your inbox.


Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.