Fake Support center now taking advantage of LastPass and chrome customers

LastPass

Like any major big name company, LastPass is telling us about the fact their name is being used in targeted attacks using their Chrome extension.

This is a Bleeping Computer article, and one in which has some detail on this, including a phone number.

Reviews are going up which includes a 5 star review, as well as a note about getting support. It urges people to call a Santa Barbara, California number to get support. The number given is 805-206-2892.

Fraudulant Lastpass review

The image shows a LastPass app page with a rating overview. It is labeled “LastPass: Free Password Manager” with a 4.3 out of 5-star rating from 28,100 ratings, indicating 9 million users. Below, there are three identical reviews dated October 30, 2024, each rated with five stars by users named RazielTheFallen, Mark William, and Heidy Mora. The reviews mention contacting LastPass online support via the Help Center, live chat, or phone for assistance with various
Lastpass has never had a public telephone number, and we have always been urged to file tickets by Email. While there may have been a telephone number when being billed, I honestly don’t know where the number goes. We do know that if you put a telephone number, it has to be a valid telephone number you control, so I hope that’s the case.

Once you call the number, an agent, pretending to be Lastpass, will ask you questions like Lastpass would be asking when trying to assist. Then, to fix the issue, they direct you to a web site.

Fake Web Lastpass site

Picture Smart does indicate that it is using RSA 4096 bit encryption and actually gives the domain in which you’ll be going.

Can anyone tell me to which TLD this page is going to?

  • .com
  • .edu
  • .org
  • .help
  • .org
  • .top
  • .info

Once you get to the page and you enter the code, which seems to be all you can do there, it connects you to download a remote assistance agent called Connect Wise.

Support agent signed by ConnectWise

Once this tool is installed, the article indicates that the phone agent will ask you more questions while another agent will access your system to steal data or install other software on to your system.

BleepingComputer has learned that the phone number associated with the fake LastPass support center is linked to a much larger campaign.

The phone number, 805-206-2892, was also found promoted as a support number for numerous other companies, including Amazon, Adobe, Facebook, Hulu, YouTube TV, Peakcock TV, Verizon, Netflix, Roku, PayPal, Squarespace, Grammarly, iCloud, Ticketmaster, and Capital One.

Oh yes, for those who have guessed on the question, the TLD that you’re taken to is a .top domain. Thank you so much for playing. Lastpass’s domain is a .com, and as we’ve discussed .top we’ve only found nothing but phishing and fraudulent pages.

The domain itself is nothing really. I’m spacing the letters out, so that people don’t go there. The domain is called D G help.

Lastpass has always told users that they will never ask you for your password, even though you have already started a ticket. This is the way things should be now, because of the fact that it has not always been this way.

When I started, we needed usernames and passwords to assist people, but if we run our own business like web hosting, we are now given tools to where we can access all of the accounts we need.

The article in question is titled LastPass warns of fake support centers trying to steal customer data if you wish to read it.

This is Lastpass’s article: LastPass warns of fake support centers trying to steal customer data if you want to read it.

These fake support numbers are posted not only to Chrome extension reviews but also to sites that allow anyone to create content, such as company forums and Reddit.

While many of these posts are taken down as they are created, others are still available, with new ones created throughout the day.

These two paragraphs sum it up nicely. The fact that the number has been used in other campaigns, and the fact that it can be posted anywhere where people can post user content.

This number in this article and also listed in the linked Bleeping Computer article may not be the only number that could be posted.

Be safe out there!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.