New phishing campaign hits LastPass, Bitwarden users - password manager customers warned not to fall for this scam

https://cdn.mos.cms.futurecdn.net/Ramk8kAMZnG58FVJidCvuF-800-80.jpg
  • Attackers are spoofing LastPass and Bitwarden with phishing emails from fake newsletter domains, tricking users into signing bogus DocuSign documents
  • Victims are redirected to malicious “compliance” domains flagged by Microsoft Defender and Cloudflare, already taken offline
  • Neither password manager was breached; this is domain spoofing, and users are urged to verify sender addresses and domains before clicking links

Criminals have been found impersonating popular password managers LastPass and Bitwarden online in an attempt to trick users into sharing their login credentials, and thus access to a treasure trove of passwords and other secrets.

LastPass recently issued a warning to its customers, raising awareness of the ongoing phishing campaign.

However the scam also now seems to have spread to other password managers, with Bitwarden customers also apparently being targeted.

Passwords are safe

In the campaign, LastPass users received emails from the address “hello@lastpassnewsletter.com”.

This address does not belong to LastPass, and...

Copyright of this story solely belongs to techradar.com. To see the full text click HERE

Read more