If you’re a LastPass user, be on guard for phishing emails in your inbox. Hackers are launching waves of malicious messages impersonating the password manager.
LastPass this week warned users about the threat, saying the first wave of phishing emails began on Sept. 13. “Our customers began reporting a pervasive and convincing phishing campaign. The campaign had global reach and targeted a variety of sectors, including 87 of our own employees,” the company wrote in a blog post.
The phishing emails look like they're coming from LastPass and ask the recipient to update their personal information immediately or risk having certain features deactivated. In reality, the emails are fake: look closely and the sender address is “marketing@sbito.co[.]th.”
Still, the phishing email looks convincing enough to potentially trick some users into clicking a link embedded in the message. Doing so leads to a hacker-controlled login site at “customer-lastpass[.]su” that appears designed to capture any password and multi-factor authentication code submitted to it.
The phishing emails also try to exploit the recent security struggles facing LastPass, which suffered a massive breach last year. The company has since been requiring users to reset their multi-factor authentication codes to bolster security across the platform.
Antivirus provider Malwarebytes initially warned the public about the phishing threat on Sept. 14. LastPass says it also partnered with PhishLabs to disrupt the attacks by requesting that website providers shut down the internet domains powering the phishing campaign.
“Unfortunately, the threat actors materialized again on September 19th when a similar subdomain for the credential phishing site was registered, and several new domains for the phishing emails were leveraged,” LastPass says.
So users should be careful when opening any email that seems to come from LastPass. Double-check the sender address to verify the email’s legitimacy. You can also hover over each link in the email before clicking it, which reveals the web address it actually points to. Any email asking you to submit sensitive information is an immediate red flag that something is off.
Those who want to report a suspicious email can forward it to abuse@lastpass.com.
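The two checks recommended above, verifying the sender address and looking at where a link really points, can be automated. The Python script below is an added example, not code from LastPass, Malwarebytes or PhishLabs: it parses a constructed copy of the phishing email, compares the sender's domain with lastpass.com, and flags any link whose destination host is not lastpass.com or a subdomain of it even when the visible link text claims otherwise. The expected-domain set and the sample message are assumptions.

```python
import email.policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains that genuine LastPass mail and links should belong to (assumption).
EXPECTED_DOMAINS = {"lastpass.com"}

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_is_expected(host, expected=EXPECTED_DOMAINS):
    # Exact match or subdomain only, so a look-alike such as "customer-lastpass.su" fails.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in expected)

def analyze_message(raw, expected=EXPECTED_DOMAINS):
    msg = email.message_from_string(raw, policy=email.policy.default)
    findings = []  # an empty result means nothing looked off
    sender_domain = (msg["from"].addresses[0].addr_spec if msg["from"] else "").rpartition("@")[2]
    if not host_is_expected(sender_domain, expected):
        findings.append(f"sender domain {sender_domain!r} is not in {sorted(expected)}")
    body = msg.get_body(preferencelist=("html",))  # None for plain-text-only mail
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        if not host_is_expected(host, expected):
            findings.append(f"link shown as {text!r} really goes to {host!r}")
    return findings

# Constructed sample mirroring the campaign described above (not a real capture).
PHISH = """\
From: LastPass <marketing@sbito.co.th>
Subject: Update your information now
Content-Type: text/html; charset="utf-8"

<p>Update your personal information immediately or lose access.</p>
<a href="https://customer-lastpass.su/login">https://lastpass.com/login</a>
"""
```

Running `analyze_message(PHISH)` returns two findings, one for the foreign sender domain and one for the link whose displayed text says lastpass.com but whose real host is customer-lastpass.su.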