""Please be advised that LastPass is NOT asking customers to backup their vaults in the next 24 hours," the company said in a Monday security advisory."
""This is an attempt on the part of a malicious actor to generate urgency in the mind of the recipient, a common tactic for social engineering and phishing emails," the alert continued. "Please remember that no one at LastPass will ever ask for your master password.""
""LastPass vaults contain customers' most sensitive information - usernames, passwords, credit card details, and secure notes - protected by a single master password. This makes LastPass a constant target for criminals who can use these details for all sorts of financial and identity fraud.""
LastPass reported a phishing campaign beginning around January 19 that used multiple sender addresses and subject lines claiming scheduled maintenance and urging users to back up their vaults within 24 hours. The messages attempted to create urgency to trick recipients into disclosing credentials or following malicious links. LastPass emphasized it will never ask for a master password and urged customers not to comply. Vaults store usernames, passwords, credit card details, and secure notes behind a single master password, making password managers attractive targets. Some messages were timed over the Martin Luther King Jr. holiday weekend to delay detection, and at least one link redirected victims through a malicious S3 URL.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]