LastPass alerts customers about a new phishing campaign using fake emails to steal master passwords through malicious links. This attack exploits urgency and targets vault backups, continuing the trend of sophisticated social engineering tactics. #LastPass #PhishingEmails
Keypoints
- LastPass warns users about a phishing campaign mimicking maintenance alerts.
- Phishing emails direct recipients to fake LastPass domains to steal passwords.
- The campaign leverages urgency and timing during US holiday weekends for effectiveness.
- Indicators of compromise (IoCs) are provided to help users identify attacks.
- The companyβs known security incidents include a 2022 data breach and ongoing credential cracking efforts.
Read More: https://www.securityweek.com/lastpass-users-targeted-with-backup-themed-phishing-emails/