LastPass warns of phishing email trying to steal your master password


The phishing email shows you a warning that you urgently need to update your password vault, but is actually trying to obtain the keys to the vault.

Users of the LastPass password manager should be extra vigilant this week. Since January 19, a phishing email has been circulating asking users to back up their password vault. The email supposedly comes from the security team.

LastPass warns about this ongoing campaign in a blog post. Visually, the email looks as if it could indeed come from LastPass. The company shares some tips on how to recognize that the email is fake from the design title, sender, or attached URLs.

Maintenance

In the email, the recipient is warned that maintenance is planned and that a backup must therefore be made quickly. Unlike classic phishing emails, the language is much less threatening. The claim that making a backup only guarantees that users ‘continue to have uninterrupted access to login details’ is meant to convince the unsuspecting user of the sender's good intentions.

A screenshot of the phishing email. Source: LastPass

The link in the email leads you to a fake login page where you have to enter your master password. If you do, you hand over that password, and with it the keys to your vault. The fake page is now offline again, LastPass researchers note.

Popular Target

LastPass is far from the only password manager that is being imitated by cybercriminals. Recently, they also impersonated Bitwarden and 1Password, among others. It is also not a first for LastPass itself. In a previous phishing campaign, users were shown fake obituaries. However, cybercriminals prefer to impersonate Microsoft, Google or Amazon.

Password managers like LastPass contain valuable information for cybercriminals. Users store their digital possessions in them, from login details to credit card information. Hackers only need to crack one password to access all that data and misuse it. Fortunately, the tools are generally well secured and successful break-ins at password managers are rather rare, although LastPass proved the opposite three years ago.