That LastPass or Bitwarden Security Email May Be a Scam


Source: Emily Long / lifehacker.com

Phishing Campaign Targets LastPass and Bitwarden Users

Scammers are targeting LastPass and Bitwarden users with fake security alerts designed to compromise their data and devices. The phishing campaign involves sending emails that look like official security notices from the password managers, aiming to trick users into divulging sensitive information or clicking on malicious links.

LastPass recently alerted users to an impersonation scam in which threat actors are sending phishing emails that appear to be official security notices. The messages come from the email address hello@lastpassnewsletter.com with the subject line ‘Action Required: Review Updated LastPass Security Policies.’

The email body contains supposed changes to LastPass security monitoring and reporting protocols, stating that users ‘have 14 business days to review and accept the updated terms’ via DocuSign. However, the link redirects to a suspicious website, https://lastpasscompliance.com/, which looks like a legitimate DocuSign page complete with a chatbot window. The website prompts users to ‘download’ DocuSign in order to review and sign the document.

It’s unclear whether the goal of the scam was to spread malware or harvest user credentials, as the malicious website has since been taken down. Nevertheless, Bitwarden users have been targeted with a nearly identical campaign, according to BleepingComputer.

How to Spot the Scam

On the surface, the phishing emails targeting LastPass and Bitwarden users are convincing. They contain technical jargon, which may lead users to skim over the specifics and trust the information as legitimate. The email also includes a call to action, stating that users have 14 days to accept the terms or their account ‘may be temporarily restricted.’

However, several red flags should raise suspicion. Firstly, the sender’s email address, hello@lastpassnewsletter.com, is not an official LastPass domain. Additionally, the URL https://lastpasscompliance.com/ is not a real LastPass site. The same applies to https://bitwardencompliance.com/, which is not a legitimate Bitwarden website.

Users should be cautious when entering their master password or other credentials, especially if they come from a link in an email, text message, or social media post. Links from these sources are at risk of being phishing attempts. If users have supplied their credentials to a suspicious site, they should update them immediately from a trusted device.

It’s also worth noting that users should not need to download software or use DocuSign for their password manager. Any actions on their account should occur when they are logged in to the legitimate site or vault. By being vigilant and aware of these tactics, users can protect themselves from falling victim to this type of phishing campaign.

LastPass and Bitwarden users should be aware of these tactics and take steps to protect themselves. By staying informed and being cautious when interacting with emails and websites, users can minimize the risk of falling victim to this type of scam.

Protecting Yourself from Phishing Scams

To avoid falling victim to phishing scams, users should be cautious when interacting with emails and websites. Here are some tips to help protect yourself:

  • Verify the sender’s email address and URL to ensure they are legitimate.
  • Be wary of technical jargon and be cautious when clicking on links or downloading software.
  • Only enter your master password or other credentials when navigating directly to your password manager’s website or vault.
  • Update your credentials immediately if you have supplied them to a suspicious site.
  • Do not rely on emails or messages from unknown senders to take action on your account.

By following these tips and being aware of the tactics used in phishing campaigns, users can protect themselves from falling victim to these types of scams.