LastPass warns of phishing campaign

LastPass strongly warns of an ongoing phishing wave. The masterminds want access to the password vaults.


There is currently a phishing wave targeting users of the password manager LastPass. According to the provider, the fraudulent emails started around Monday of this week.

LastPass is warning about this in a recent blog post. The fraudulent emails reportedly come from different senders with varying subject lines. They claim that LastPass is performing maintenance and urge users to back up their password vaults within the next 24 hours.

LastPass stresses that the company is not asking customers to back up their vaults within the next 24 hours. Rather, this is an attempt by malicious actors to create a sense of urgency in the recipient, “a common tactic for social engineering and phishing emails,” LastPass further writes. The timing also follows a familiar pattern: it falls on a holiday weekend in the USA. With fewer people working, the discovery of the phishing wave is expected to take longer.

The call-to-action button in the email suggests that it will take victims to a website where they can create a backup of their password vault. In reality, however, those who click it land on the URL “group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf”, which in turn redirects to the URL “mail-lastpass[.]com”.

“Nobody at LastPass will ever ask for your master password,” LastPass further explains. The company is working with partners to take down these domains as quickly as possible. LastPass customers should remain vigilant and, if in doubt about the authenticity of a LastPass email, forward it to abuse@lastpass.com to have it verified there.

LastPass has also compiled some indicators of the phishing campaign. These include the following email addresses, URLs, and IPs:

  • “group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf”, IP address 52.95.155[.]90
  • mail-lastpass[.]com, IP addresses 104.21.86[.]78, 172.67.216[.]232 and 188.114.97[.]3
  • support@sr22vegas[.]com, support@lastpass[.]server8, support@lastpass[.]server7, support@lastpass[.]server3
  • IP addresses for these: 192.168.16[.]19 and 172.23.182[.]202

The emails carry subject lines such as

  • “LastPass Infrastructure Update: Secure Your Vault Now”
  • “Your Data, Your Protection: Create a Backup Before Maintenance”
  • “Don't Miss Out: Backup Your Vault Before Maintenance”
  • “Important: LastPass Maintenance & Your Vault Security”
  • “Protect Your Passwords: Backup Your Vault (24-Hour Window)”
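
As an added example (not code from LastPass or from this article), the following Python sketch shows how the sender addresses, hostnames and subject lines listed above could be matched against a raw email on the defender's side. The function names `refang`, `norm` and `check_message` are hypothetical, the sample message is constructed, and the IP addresses are left out because the matcher works on message content only.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Indicators copied from the article, kept defanged as published.
IOC_HOSTS = ["group-content-gen2.s3.eu-west-3.amazonaws[.]com", "mail-lastpass[.]com"]
IOC_SENDERS = ["support@sr22vegas[.]com", "support@lastpass[.]server8",
               "support@lastpass[.]server7", "support@lastpass[.]server3"]
IOC_SUBJECTS = [
    "LastPass Infrastructure Update: Secure Your Vault Now",
    "Your Data, Your Protection: Create a Backup Before Maintenance",
    "Don't Miss Out: Backup Your Vault Before Maintenance",
    "Important: LastPass Maintenance & Your Vault Security",
    "Protect Your Passwords: Backup Your Vault (24-Hour Window)",
]

def refang(value):
    """Turn a defanged indicator ("[.]") back into its matchable form."""
    return value.replace("[.]", ".").lower()
def norm(text):
    """Lowercase, straighten curly apostrophes, collapse whitespace."""
    return " ".join(text.replace("\u2019", "'").lower().split())

HOSTS = {refang(h) for h in IOC_HOSTS}
SENDERS = {refang(s) for s in IOC_SENDERS}
SUBJECTS = {norm(s) for s in IOC_SUBJECTS}

def check_message(raw):
    """Return sorted match reasons; hosts match exactly or as a parent domain."""
    msg = message_from_string(raw)
    hits = set()
    if norm(msg.get("Subject", "")) in SUBJECTS:
        hits.add("subject")
    if parseaddr(msg.get("From", ""))[1].lower() in SENDERS:
        hits.add("sender")
    body = "" if msg.is_multipart() else msg.get_payload()  # single-part only
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlparse(url).hostname or "").lower()
        if any(host == h or host.endswith("." + h) for h in HOSTS):
            hits.add("url:" + host)
    return sorted(hits)

# Constructed sample message, assembled from the indicators above.
SAMPLE = ("From: LastPass <" + refang(IOC_SENDERS[0]) + ">\n"
          "Subject: Protect Your Passwords:  Backup Your Vault (24-Hour Window)\n\n"
          "Create backup: https://" + refang(IOC_HOSTS[0]) + "/5yaVgx51ZzGf\n")
if __name__ == "__main__":
    print(check_message(SAMPLE))
```

Because the attackers vary senders and subject lines, an empty result does not clear a message; the check only confirms known indicators.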


LastPass frequently attracts the interest of cybercriminals. For example, in September 2023, there were indications that attackers had copied LastPass password vaults and were attempting to crack them. In early 2024, LastPass then worked on improved security, such as a minimum length of twelve characters for a master password and its comparison with passwords leaked in data breaches.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.