LastPass is warning users about a phishing campaign that spoofs the ‘LastPass Support’ display name and uses fake forwarded internal email threads to pressure recipients into clicking links labelled “report suspicious activity,” “disconnect and lock vault,” and “revoke device.” The links lead to credential-stealing pages on domains such as verify-lastpass[.]com and lookalikes. LastPass says its own systems were not breached, reminds users that support will never ask for their master password, and asks that suspicious messages be reported to [email protected].
Key points
- The campaign spoofs LastPass Support display names and uses multiple sender addresses and subject lines to appear credible.
- Emails mimic forwarded internal conversations to create urgency and prompt recipients to respond or click action links.
- Clicking the links directs users to a fake LastPass login page hosted on verify-lastpass[.]com and redirected lookalike URLs that harvest credentials.
- LastPass confirms its infrastructure was not compromised, warns support will never ask for master passwords, and asks users to report suspicious emails to [email protected].
- LastPass is a frequent phishing target, with prior campaigns in January and late 2025 using fake maintenance notices, death claims, and hacked-app lures.
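The two tells described above, a brand name in the display name with a sender domain that is not the brand's, and links whose host contains the brand but is not the legitimate domain, can be screened mechanically. The following is an added example for a mail-filter or triage script, not LastPass's own tooling; the sender address, the legitimate-domain set and the sample message are constructed assumptions, and the registrable-domain logic is a crude last-two-labels heuristic rather than a public-suffix lookup.

```python
"""Heuristic screen for brand display-name spoofing and lookalike link hosts."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: mail and links from the real vendor come only from this domain.
LEGIT_DOMAINS = {"lastpass.com"}
BRAND = "lastpass"
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def registrable_domain(host: str) -> str:
    """Crude eTLD+1: keep the last two labels (enough for .com lookalikes)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def is_legit(host: str) -> bool:
    return registrable_domain(host) in LEGIT_DOMAINS

def screen_message(raw: str) -> list[str]:
    """Return findings for one single-part RFC 822 message; empty list means nothing flagged."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    # Tell 1: brand name in the display name, but the envelope domain is not the brand's.
    if BRAND in display.lower() and not is_legit(sender_host):
        findings.append(f"display name '{display}' but sender domain '{sender_host}'")
    # Tell 2: a link host that mentions the brand without being the brand's domain.
    body = msg.get_payload() if not msg.is_multipart() else ""
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if BRAND in host.lower() and not is_legit(host):
            findings.append(f"lookalike link host '{host}'")
    return findings

# Constructed sample modelled on the campaign: spoofed display name, forwarded-thread
# subject, one lookalike link (the domain the advisory names) and one genuine link.
SAMPLE = """\
From: LastPass Support <alerts@example-mailer.invalid>
Subject: FW: Suspicious activity on your vault
Content-Type: text/plain

Please review: https://verify-lastpass.com/login
Or revoke the device: https://www.lastpass.com/
"""

if __name__ == "__main__":
    for finding in screen_message(SAMPLE):
        print("FLAG:", finding)
```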