How did the LastPass phishing scam work?

The scam involved fake emails impersonating LastPass, urging users to create a vault backup via a link that led to a credential-stealing website.

Is LastPass asking users to back up their vaults urgently?

No, LastPass has stated they are not asking customers to back up their vaults in an urgent timeframe like the phishing emails suggested.

What are the best ways to avoid password manager phishing scams?

Always verify sender details and links, never click urgent backup requests, and consider using passkeys for enhanced security.

Home / Technology / LastPass Phishing Scam: Don't Back Up Your Vault!

LastPass Phishing Scam: Don't Back Up Your Vault!

22 Jan

•

Summary

Phishing scam impersonates LastPass, urging users to back up vaults.
Malicious emails direct users to fake sites to steal credentials.
Users are advised to verify emails and avoid urgent backup requests.

LastPass Phishing Scam: Don't Back Up Your Vault!

Cybercriminals have launched a convincing phishing campaign targeting users of the popular password manager, LastPass. The scam involves sending emails that impersonate the company, creating a false sense of urgency by claiming a need for immediate vault backups due to scheduled maintenance. These malicious emails, originating from deceptive addresses and featuring urgent subject lines, are designed to pressure recipients into clicking a fraudulent 'Create Backup Now' button.

Upon clicking the link, users are directed to a phishing website specifically crafted to harvest their LastPass login credentials, including their master passwords. This tactic exploits the user's desire to protect their data, a common concern for password manager users. While the fake website has since been disabled, the incident serves as a critical reminder for all users to remain vigilant against such threats.