Safety Detectives
$ United States dollar
$ United States dollar Euro£ British poundAED UAE dirhamARS Argentine pesoAU$ Australian dollarBGN Bulgarian levR$ Brazilian realCA$ Canadian dollarCHF Swiss francCLP Chilean pesoCN¥ Chinese yuanCOP Colombian pesoCZK Czech korunaDKK Danish kroneEGP Egyptian poundHK$ Hong Kong dollarHUF Hungarian forintIDR Indonesian rupiah Israeli new shekelINR Indian rupee¥ Japanese yen South Korean wonMX$ Mexican pesoMYR Malaysian ringgitNOK Norwegian kroneNZ$ New Zealand dollarPLN Polish złotyRON Romanian leuRUB Russian rubleSAR Saudi riyalSEK Swedish kronaSGD Singapore dollar฿ Thai bahtTRY Turkish liraNT$ New Taiwan dollarUAH Ukrainian hryvnia Vietnamese DongZAR South African rand

LastPass Users Fall Victim to Sophisticated Scam

Penka Hristovska
Penka Hristovska
Published on: April 22, 2024
Penka Hristovska Penka Hristovska
Published on: April 22, 2024

LastPass is alerting its users about a malicious campaign using the CryptoChameleon phishing kit.

This kit allows cybercriminals to build counterfeit websites that mimic legitimate services, featuring genuine-looking graphics and logos. The main goal is to trick users into submitting their login credentials, which the attackers can use or sell.

LastPass confirmed that the attackers utilized the CryptoChameleon phishing kit to set up a fraudulent website mimicking LastPass.

The attack begins when the victim receives a phone call from a number appearing to belong to LastPass. Using an American accent, the caller identifies themselves as a LastPass employee. During this call, the purported employee tells the victim about a security breach affecting their account and offers to assist by sending an email to reset their access.

The email sent to the victim includes a link leading to a phishing site, “help-lastpass[.]com,” which closely mimics the official LastPass interface. As part of the scheme, unsuspecting users are asked to enter their master password on this fake site.

Once the attackers capture this password, they use it to access the victim’s actual LastPass account. They then change crucial account details, such as the primary phone number, email address, and master password.

These changes lock the legitimate user out of their account and give the attacker complete control. LastPass says the malicious website is currently offline, but it is highly probable that similar campaigns might emerge.

The company is now advising users to remain vigilant against suspicious phone calls, messages, or emails that appear to be from LastPass and press for immediate action. Some signs of suspicious communications from this campaign include emails titled “We’re here for you” and messages containing links shortened through URL services.

The phishing kit was identified earlier this year by security experts after it was used to target Federal Communications Commission (FCC) employees with specially designed Okta single sign-on (SSO) pages.

Cybercriminals used the same phishing kit to launch attacks against major cryptocurrency platforms such as Binance, Coinbase, Kraken, and Gemini. The attackers used fake pages to mimic Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL.

About the Author
Penka Hristovska
Penka Hristovska
Editor
Published on: April 22, 2024

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.