Lastpass is warning customers about a new attempt to gain access to their accounts. While I’ve not gotten emailed yet by Lastpass, I know it takes time, and or I’m not affected by this yet.
This is something that could happen to any password vault, at any of the password manager companies including KeyPass, One Password, or any others not mentioned here and or mentioned within the article.
Picture Smart says for this image:
The image is a screenshot of an email from LastPass with the subject line “Legacy Request Opened (URGENT IF YOU ARE NOT DECEASED).” The email states that a death certificate was uploaded by a family member to regain access to the recipient’s LastPass account. It instructs that if the recipient has not passed away and believes this is a mistake, they should reply to the email with the word “STOP.” The email is marked with a star and is shown in an inbox interface.
LastPass is warning customers of a phishing campaign sending emails with an access request to the password vault as part of a legacy inheritance process.
The activity started in mid-October, and the domains and infrastructure used point to a financially motivated threat group called CryptoChameleon (UNC5356).
CryptoChamemelon employs a phishing kit specializing in cryptocurrency theft, targeting multiple wallets including Binance, Coinbase, Kraken, and Gemini, using fake Okta, Gmail, iCloud, and Outlook sign-in pages.
LastPass users were targeted by the same group again in April 2024, but the newest campaign appears to be more extensive and also enhanced, now targeting passkeys too.
To add insult to injury, there is an agent ID, adding legitimacy to the email.
The link, if clicked, does not link to lastpass and their domain, it links to a totally different domain.
Lastpass has a web site in the .com domain, and here is that web page.
LastPass says that in some cases the threat actor called victims posing as LastPass staff and directed them to enter their credentials on the phishing site.
The company says that one key element in the CryptoChameleon attack targeting its users is the use of passkey-focused phishing domains such as mypasskey[.]info and passkeysetup[.]com, which indicate attempts to steal users’ passkeys.
The article does talk about passkeys in detail, and we also have talked about it in the podcast.
Lastpass does do passkeys these days just like IOS does.
The full article is titled Fake LastPass death claims used to breach password vaults so please go ahead and read this if you are a lastpass customer.
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.