
Don't click on the LastPass 'create backup' link - it's a scam

LastPass has warned customers about phishing emails claiming that action is required ahead of scheduled maintenance and told them not to fall for the scam. According to LastPass, the latest phishing campaign began around January 19 with emails being sent from several addresses with multiple subject lines. All of these are about LastPass maintenance, and they all urge customers to back up their vaults within 24 hours.

“Please be advised that LastPass is NOT asking customers to back up their vaults in the next 24 hours,” the company said in a Monday security advisory. This is an attempt on the part of a malicious actor to generate urgency in the mind of the recipient, a common tactic for social engineering and phishing emails.

LastPass vaults contain customers’ most sensitive information - usernames, passwords, credit card details, and secure notes - protected by a single master password. This makes LastPass a constant target for criminals who can use these details for all sorts of financial and identity fraud.

A screenshot of a January 20 phishing email includes a link purporting to allow customers to “create backup now.” But instead of backing up their LastPass vault, it redirects victims to a phishing site designed to trick them into handing over that master password.

“Rest assured, we are working with our third-party partners to have this domain taken down as soon as possible,” LastPass said in its online advisory. The advisory also includes a list of malicious URLs and associated IP addresses, along with email addresses sending the phishes and subject lines - so check those out to help with threat hunting efforts.
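The lure traits described above (maintenance theme, vault backup, 24-hour deadline, a link that leaves the vendor's domain) can be turned into a mail-triage heuristic. This is an added example, not code from LastPass's advisory or the original article; it assumes `lastpass.com` is the only legitimate link domain, and the sample messages and the `.invalid` hostnames are constructed.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Assumption: lastpass.com is the only domain treated as legitimate for links.
TRUSTED = ("lastpass.com",)
# Lure traits named in the article: maintenance theme, vault backup, 24-hour deadline.
LURE = {
    "maintenance": re.compile(r"\bmaintenance\b", re.I),
    "backup": re.compile(r"\bback[\s-]?up\b", re.I),
    "deadline": re.compile(r"\b24\s*hours?\b", re.I),
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_trusted(host):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def triage(raw):
    """Flag LastPass-branded mail with >= 2 lure traits and an off-domain link."""
    msg = message_from_string(raw, policy=default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    text = str(msg["Subject"] or "") + "\n" + body
    if "lastpass" not in text.lower():
        return {"flag": False, "traits": [], "hosts": []}
    traits = sorted(name for name, rx in LURE.items() if rx.search(text))
    links = {urlsplit(u).hostname or "" for u in URL_RE.findall(body)}
    hosts = sorted(h for h in links if not is_trusted(h))
    return {"flag": len(traits) >= 2 and bool(hosts), "traits": traits, "hosts": hosts}

# Constructed sample messages (not taken from the advisory).
PHISH = """From: LastPass Support <support@mail.example.invalid>
Subject: LastPass maintenance: back up your vault within 24 hours
Content-Type: text/html; charset="utf-8"

<p>Scheduled maintenance begins soon. <a href="https://backup-portal.example.invalid/start">Create backup now</a></p>
"""
BENIGN = """From: LastPass <noreply@lastpass.com>
Subject: LastPass maintenance notice
Content-Type: text/html; charset="utf-8"

<p>No action is required and there is no need to back up your vault. <a href="https://www.lastpass.com/">Status</a></p>
"""
```

A flagged message is a lead for review, not a verdict; matching against the URLs, IP addresses, senders and subject lines listed in the advisory itself remains the more precise check.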

To read the complete article, see: The Register Security.

This post is licensed under CC BY 4.0 by the author.