Malwarebytes has flagged a new phishing campaign that weaponized user trust in 1Password’s breach notification system, adding that an employee nearly handed over their vault credentials to scammers.