New phishing campaign hits LastPass, Bitwarden users - password manager customers warned not to fall for this scam
No, LastPass' security policies have not been updated, and neither have Bitwarden's - it's a scam.
- Attackers are spoofing LastPass and Bitwarden with phishing emails from fake newsletter domains, tricking users into signing bogus DocuSign documents
- Victims are redirected to malicious “compliance” domains flagged by Microsoft Defender and Cloudflare, already taken offline
- Neither password manager was breached; this is domain spoofing, and users are urged to verify sender addresses and domains before clicking links
Criminals have been found impersonating popular password managers LastPass and Bitwarden online in an attempt to trick users into sharing their login credentials, and thus access to a treasure trove of passwords and other secrets.
LastPass recently issued a warning to its customers, raising awareness of the ongoing phishing campaign.
However the scam also now seems to have spread to other password managers, with Bitwarden customers also apparently being targeted.
Passwords are safe
In the campaign, LastPass users received emails from the address “[email protected]”.
This address does not belong to LastPass, and is in no way affiliated with the password manager. In the message, the victims are told that the company’s security policies have been updated, and that they should navigate to a specific landing page and sign a DocuSign document.
The email comes with a ‘Review & Access Terms’ button which, if clicked, redirects the victims to lastpasscompliance[dot]com, yet another domain unaffiliated with the password management platform.
BleepingComputer claims this domain has already been flagged as malicious by both Microsoft Defender for Office 365, and Cloudflare and is currently offline.
Digging deeper, the journalists uncovered another campaign, almost identical, but now targeting Bitwarden users. In this case, the victims were being mailed from the “[email protected]” addresses and were being redirected to bitwardencompliance[dot]com. Identical methodology, just slightly personalized.
It is important to note that neither LastPass nor Bitwarden were compromised as part of this attack.
The companies’ infrastructure is intact, and the passwords are safe. This is a typical domain spoofing attack in which the crooks purchase a domain similar to the legitimate one, in hopes that the victims won’t spot the difference.
As usual, the best course of action is to always be skeptical of incoming emails, and to double-check the domains and email addresses from which they are sent. It is also good to cross-reference these emails with any older messages that are proven to be authentic, to see if the domains and addresses match.
Share
What's Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Angry
0
Sad
0
Wow
0
