LastPass Warns Customers It Has Not Been Hacked Amid Phishing Email Scam - Infosecurity Magazine

Password manager LastPass has warned customers that is has “NOT been hacked” after it identified a phishing campaign leveraging the firm’s branding. The phishing emails used the subject line “We Have Been Hacked - Update Your LastPass Desktop App to Maintain Vault Security” and was sent from the email addresses hello@lastpasspulse[.]blog or hello@lastpassgazette[.]blog. “This is an attempt on the part of a malicious actor to draw attention and generate urgency in the mind of the recipient, a common tactic for social engineering and phishing emails,” the firm said in a blog post.   Source: LastPass The link in the email purports to take potential victims to a new desktop app site, which will instead direct victims to a phishing site hosted at lastpassdesktop[.]com or lastpassgazette[.]blog. Another URL had been registered by the threat actor, (“lastpassdesktop[.]app”), which LastPass said could be used in future iterations of this campaign. It appears that the threat actor has used NiceNIC to host the phishing site. The security firm said it was working to have the domain taken down as soon as possible and Cloudflare has posted warning pages in front of the site advising visitors that these sites are phishing pages. 1Password Phishing Scam Threatens to Steal Secret Key Earlier this month, Malwarebytes reported that a “well-targeted” phishing campaign saw scammers attempt to get hold of the 1Password credentials belonging to a Malwarebytes’ employee. Pieter Arntz, a malware intelligence researcher at Malwarebytes Labs, commented in a blog post, “Stealing someone’s 1Password login would be like hitting the jackpot for cybercriminals, because they potentially export all the saved logins the target stored in the password manager.” In September, Brett Christensen, author of the Substack Hoax-Slayer, reported on a phishing campaign purporting to be from 1Password warning customers that their account had been compromised and urging users to rest passwords via a malicious link. The malicious web page also encouraged users to share their secret key. 1Password secret keys allow access to a user’s password vault, which could provide a trove of information to cybercriminals.