Have you received a death certificate in your LastPass mailbox? It’s best not to open it.
Password manager LastPass is facing a bizarre phishing attack: users receive their own death certificate in their mailbox. A family member supposedly posted the certificate online, and they are threatened with losing access to their account. It’s certainly a surprising email to receive if you’re still alive.
What’s Happening?
Users receive emails from ‘alerts@lastpass.com’ stating that someone has uploaded their death certificate, and they need to log in to view it and mark it as fake. The hackers’ aim is to disorient people just long enough for them to click on a malicious link in the email. This would give them access to every password stored in the LastPass password manager.
According to a blog post by LastPass, some victims are even called to guide them through the process. This works so well because LastPass indeed has a
Active for a While
Google Threat Intelligence knows that this campaign is set up by the hacker group CryptoChameleon (or UNC5356). As the name suggests, they usually focus on stealing cryptocurrencies. The phishing campaign has been active since mid-October 2025.