
"The attacker relies on the fact that many email clients (especially mobile) show only the display name, hiding the real sender address unless you expand it. The phishing emails inform recipients of unauthorized access to their account or master password changes and urge victims to take immediate action, such as revoking devices, disconnecting and locking their vault, or reporting suspicious activity."
"The messages contain links pointing to a fake LastPass login page designed to harvest users' master passwords, which can be highly valuable to threat actors, particularly profit-driven cybercriminals. The password manager has released indicators of compromise (IoCs), including URLs, IPs, sender email addresses, and email subject lines."
LastPass is alerting users to a phishing campaign that exploits spoofed display names in emails appearing to originate from LastPass. The fraudulent messages claim unauthorized account access or master password changes, pressuring recipients to take immediate action such as revoking devices or locking their vaults. The emails contain links that direct users to counterfeit LastPass login pages built to steal master passwords. The attackers rely on the fact that many email clients, particularly mobile applications, display only the sender's name while hiding the actual email address. LastPass has released indicators of compromise including URLs, IP addresses, sender addresses, and subject lines. The company has worked with Fortra Brand Protection and hosting providers on takedown operations to remove the malicious sites.
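The display-name trick above is detectable at the mail gateway by comparing the From display name against the actual sender domain. The following is an added detection example, not code from LastPass or SecurityWeek; the brand-to-domain allowlist, the lure phrases and the sample headers are constructed for illustration.

```python
from email.header import decode_header, make_header
from email.utils import parseaddr

# Hypothetical allowlist: sending domains considered legitimate for a brand
# that appears in the From display name. Extend per environment.
TRUSTED_DOMAINS = {"lastpass": {"lastpass.com"}}

# Lure wording taken from the campaign description (unauthorized access,
# master password change, revoking devices, locking the vault).
LURE_PHRASES = ("unauthorized access", "master password", "revok", "vault")


def _domain_allowed(domain: str, allowed: set) -> bool:
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def classify(from_header: str, subject: str = "") -> dict:
    """Classify one message from its raw From and Subject header values.

    Returns {'spoofed': bool, 'domain': str, 'reasons': [str, ...]}.
    'spoofed' is True only when the display name names a brand whose
    legitimate domains do not include the real sender domain; lure wording
    in the subject is reported but is never sufficient on its own.
    """
    # Decode RFC 2047 encoded words so an encoded display name is inspected too.
    decoded = str(make_header(decode_header(from_header)))
    display_name, addr = parseaddr(decoded)
    domain = addr.rpartition("@")[2].lower().strip()
    reasons = []
    for brand, allowed in TRUSTED_DOMAINS.items():
        if brand in display_name.lower() and not _domain_allowed(domain, allowed):
            reasons.append(f"display name claims {brand} but sender domain is {domain or 'missing'}")
    spoofed = bool(reasons)
    if any(p in subject.lower() for p in LURE_PHRASES):
        reasons.append("account-security lure wording in subject")
    return {"spoofed": spoofed, "domain": domain, "reasons": reasons}


# Constructed sample headers (not taken from the published IoCs).
SAMPLES = [
    ("LastPass <noreply@lastpass.com>", "Your weekly security report"),
    ("LastPass Support <lastpass@gmail.example>", "Unauthorized access detected - revoke devices now"),
    ("=?utf-8?q?LastPass_Security?= <alerts@mail.example>", "Master password was changed"),
]

if __name__ == "__main__":
    for frm, subj in SAMPLES:
        print(classify(frm, subj))
```

Note that the second sample puts the brand in the local part of the address as well as the display name; the check still fires because only the domain is compared against the allowlist.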
Read at SecurityWeek