Like any big-name company, LastPass is telling us that its name is being used in targeted attacks involving its Chrome extension.
This is covered in a Bleeping Computer article, which has some detail on this, including a phone number.
Reviews are going up that include a 5-star rating as well as a note about getting support. The note urges people to call a Santa Barbara, California number to get support. The number given is 805-206-2892.
Once you call the number, an agent pretending to be LastPass will ask you the kind of questions LastPass would ask when trying to assist. Then, to fix the issue, they direct you to a website.
Picture Smart does indicate that it is using RSA 4096-bit encryption and actually gives the domain to which you'll be going.
Can anyone tell me which TLD this page is going to?
- .com
- .edu
- .org
- .help
- .org
- .top
- .info
Once you get to the page and enter the code, which seems to be all you can do there, it has you download a remote assistance agent called ConnectWise.
Once this tool is installed, the article indicates that the phone agent will ask you more questions while another agent accesses your system to steal data or install other software onto your system.
BleepingComputer has learned that the phone number associated with the fake LastPass support center is linked to a much larger campaign.
The phone number, 805-206-2892, was also found promoted as a support number for numerous other companies, including Amazon, Adobe, Facebook, Hulu, YouTube TV, Peacock TV, Verizon, Netflix, Roku, PayPal, Squarespace, Grammarly, iCloud, Ticketmaster, and Capital One.
Oh yes, for those who have guessed on the question, the TLD that you're taken to is a .top domain. Thank you so much for playing. LastPass's domain is a .com, and as we've discussed, on .top we've found nothing but phishing and fraudulent pages.
The domain itself is nothing really. I’m spacing the letters out, so that people don’t go there. The domain is called D G help.
LastPass has always told users that they will never ask you for your password, even if you have already started a ticket. This is the way things should be now, because it has not always been this way.
When I started, we needed usernames and passwords to assist people, but if we run our own business like web hosting, we are now given tools with which we can access all of the accounts we need.
The article in question is titled "LastPass warns of fake support centers trying to steal customer data" if you wish to read it.
This is LastPass's article: "LastPass warns of fake support centers trying to steal customer data" if you want to read it.
These fake support numbers are posted not only to Chrome extension reviews but also to sites that allow anyone to create content, such as company forums and Reddit.
While many of these posts are taken down as they are created, others are still available, with new ones created throughout the day.
These two paragraphs sum it up nicely: the number has been used in other campaigns, and it can be posted anywhere people can post user content.
The number in this article, which is also listed in the linked Bleeping Computer article, may not be the only number that could be posted.
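An added example, not from this post or the Bleeping Computer article: a moderation-side triage for user-submitted reviews that blocks the number reported above even when its digits are spaced out, and holds any other phone number that appears beside support wording. The lure word list, the verdict names and the function names are assumptions made for illustration.

```python
import re

# The number reported in the article; extend this set from your own abuse reports.
KNOWN_BAD_NUMBERS = {"8052062892"}

# Wording that turns a phone number in a review into a support lure (assumed list).
LURE_WORDS = re.compile(
    r"\b(support|help\s?(desk|line)|customer\s(care|service)|call|toll[- ]?free)\b",
    re.IGNORECASE,
)

# 10 or 11 digits with any mix of spaces, dots, dashes or brackets between them,
# so "805-206-2892", "+1 (805) 206 2892" and "8 0 5 . 2 0 6 ..." all match.
CANDIDATE = re.compile(r"(?<!\d)\+?\d(?:[\s.\-()]*\d){9,10}(?!\d)")


def extract_numbers(text):
    """Return North American phone numbers found in text as 10-digit strings."""
    found = []
    for match in CANDIDATE.finditer(text):
        # Strip separators, then drop a leading country code or stray digit.
        digits = re.sub(r"\D", "", match.group())[-10:]
        # Area code and exchange never start with 0 or 1; this trims false hits.
        if digits[0] in "23456789" and digits[3] in "23456789":
            found.append(digits)
    return found


def triage_review(text):
    """Return 'block', 'hold' (send to a human reviewer) or 'allow'."""
    numbers = extract_numbers(text)
    if any(n in KNOWN_BAD_NUMBERS for n in numbers):
        return "block"
    # An unknown number is only suspicious when paired with support wording.
    if numbers and LURE_WORDS.search(text):
        return "hold"
    return "allow"


if __name__ == "__main__":
    # Constructed sample reviews, not real ones.
    for review in (
        "Great extension, 5 stars! For support call 805-206-2892",
        "Locked out? Customer care: +1 (888) 555 0142",
        "Works well since the 4.1 update, autofill is fast.",
    ):
        print(triage_review(review), "|", review)
```

Because the article notes that new posts appear throughout the day and other numbers may be in use, the "hold" path matters more than the blocklist: it catches numbers nobody has reported yet.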
Be safe out there!