If you receive a call from LastPass, it’s a scam.

Sophisticated new phishing scammers are targeting LastPass users via phone calls and emails.

Nowadays, you might be extra cautious whenever you receive a call from an unknown number. If it’s not the usual “we’ve been trying to reach you about your car’s extended warranty” recording, it could be someone claiming to be from “Windows” trying to get you to install remote access software. And if they mix it up and tell you they’re from LastPass, yes, it’s the same old nonsense.

According to Ars Technica, phishing scammers have expanded their operations and are now impersonating the password-saving service LastPass. The calls alert users that their account has been accessed from a new location and tell them to press one or two keys to block what could be a nefarious hacker. In subsequent calls, as per alerts issued by LastPass itself, actual humans instruct users to provide their email addresses, to which phishing messages are then sent in an attempt to steal their actual login details.

Once the phishers obtain the LastPass master password, they can immediately lock out the real user and access any information stored within. It’s a treasure trove of identity theft data, especially as legitimate users often can’t access the randomly generated passwords they’ve created for dozens or hundreds of websites, including banks and medical information.

LastPass seems to have enough users now that it has become a common target for phishing scams, and the way it keeps so much personal data in one place makes it all the more tempting. The company is frequently subject to high-profile hacking attacks, most recently in 2022. With the popularity of ready-made phishing toolkits like CryptoChameleon, the latest wave of attacks is targeting users themselves.

A representative for LastPass said that as of April 16, the company had been able to shut down the website associated with the latest phishing attempt, but the criminals seem certain to try again with another URL. Be cautious.
