LastPass Users Targeted With Backup-Themed Phishing Emails

LastPass Users Targeted With Backup-Themed Phishing Emails

Posted on By CWS

LastPass is warning prospects a couple of new phishing marketing campaign that includes emails advising focused customers to again up their vaults.

The phishing emails, which began circulating on or round January 19, have topic traces that reference upkeep and instruct recipients to create a backup of their vault.

The physique of the e-mail gives directions for making a backup and accommodates a hyperlink pointing to a phishing web page designed to trick victims into handing over their grasp password. The phishing web page is hosted on a faux LastPass area.

“Please be suggested that LastPass is NOT asking prospects to backup their vaults within the subsequent 24 hours; fairly, that is an try on the a part of a malicious actor to generate urgency within the thoughts of the recipient, a standard tactic for social engineering and phishing emails,” LastPass warned.

The corporate additionally famous, “The timing of the marketing campaign, which fell over a vacation weekend in the US, is a standard tactic amongst menace actors looking for to make the most of lowered staffing below the belief it would postpone detection and draw out response time.”

The password supervisor supplier has shared indicators of compromise (IoCs) to assist prospects determine and block assaults. 

LastPass prospects are repeatedly focused by menace actors in phishing and different assaults. The corporate itself has additionally been focused by hackers, together with in assaults involving deepfakes. Commercial. Scroll to proceed studying.

Nevertheless, probably the most vital safety failure stays the 2022 breach, wherein attackers exfiltrated the encrypted vault knowledge of tens of millions of customers. 

Fallout from that incident continues; TRM Labs reported in December that menace actors are efficiently cracking stolen grasp passwords to entry vaults and drain cryptocurrency wallets.

Associated: FBI: North Korean Spear-Phishing Assaults Use Malicious QR Codes

Associated: Complicated Routing, Misconfigurations Exploited for Area Spoofing in Phishing Assaults

Associated: AI Is Supercharging Phishing: Right here’s The best way to Battle Again

Associated: Google Says Chinese language ‘Lighthouse’ Phishing Package Disrupted Following Lawsuit 

Security Week News Tags:, , , , ,

Related Posts

AI Cyberattacks Demand New Defense Strategies AI Cyberattacks Demand New Defense Strategies Security Week News
Salesloft GitHub Account Compromised Months Before Salesforce Attack Salesloft GitHub Account Compromised Months Before Salesforce Attack Security Week News
US Storms 29 Laptop Farms in Crackdown on North Korean IT Worker Schemes US Storms 29 Laptop Farms in Crackdown on North Korean IT Worker Schemes Security Week News
Starbucks Employee Data Breach Exposes Sensitive Information Starbucks Employee Data Breach Exposes Sensitive Information Security Week News
High-Severity Vulnerabilities Patched by Fortinet and Ivanti High-Severity Vulnerabilities Patched by Fortinet and Ivanti Security Week News
UK Hacker Admits to Crypto Theft in US Court UK Hacker Admits to Crypto Theft in US Court Security Week News