LastPass has warned users of a phishing campaign using fake security alerts to redirect users to malicious websites. Similarly, Bitwarden users have also been targeted with similar phishing tactics, raising concerns over user security.
LastPass users are experiencing a phishing campaign that mimics legitimate security communications. The emails use a sender address designed to appear credible: 'hello@lastpassnewsletter.com'.
Recipients are informed of fictional service policy changes suggesting enhanced SaaS monitoring and other features, leading them to click a button that directs them to a fraudulent website impersonating DocuSign.
The phishing site, identified as lastpasscompliance[.]com, has been flagged as malicious by Microsoft Defender and Cloudflare. Users are encouraged to download a file that claims compatibility with Windows and macOS, risking credential theft.
Though the site offered live support through a chat feature, its legitimacy remains unverified. At the time of reporting, the malicious site was taken offline.
According to BleepingComputer, a similar phishing tactic targets Bitwarden users with emails from 'hello@bitwardennewsletter.com'. These emails redirect to a malicious site identified as bitwardencompliance[.]com.
This highlights a broader trend in phishing attacks where attackers leverage popular services to deceive users.
LastPass reiterated that it will never request users' master passwords through email and advised reporting suspicious communications. Users who may have interacted with phishing sites are urged to change their master passwords immediately from a secure device and review their vaults for any unauthorized activity.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
LastPass has warned users of a phishing campaign using fake security alerts to redirect users to malicious websites. Similarly, Bitwarden users have also been targeted with similar phishing tactics, raising concerns over user security.