- Phishing emails claim victims died to steal LastPass master passwords
- Fake lastpassrecovery[.]com site imitates LastPass to harvest credentials and access keys
- CryptoChameleon group behind the attack; targets include crypto wallets and passwordless logins
Scammers are attempting to obtain master passwords from LastPass users with a sneaky phishing email scheme that claims the recipients have died.
The password manager has an inheritance feature: if someone proves that the account owner is deceased and that they are the next of kin (or otherwise considered entitled to access the account), LastPass can comply and restore access.
However, in the phishing emails, victims are told that someone has uploaded a death certificate confirming their death and that, unless they act quickly, that person will be given access to their vault (essentially an encrypted password storage database).
CryptoChameleon
“Act fast” means clicking a link and logging into the LastPass account. However, those who rush to do so will not notice that the website they are connecting to is not LastPass but lastpassrecovery[.]com, a scam landing page created only to harvest login credentials from gullible people.
The threat actor behind this morbid campaign is called CryptoChameleon, a known hacker collective specializing in crypto theft.
In the past, the group has been seen targeting Binance wallets, Kraken, Gemini and other platforms, using fake Okta, Gmail, iCloud and Outlook login landing pages, as well as passwords.
Passkeys are a passwordless authentication method that uses public key cryptography to verify a person’s identity without storing or entering a password. They are generally considered much more secure than passwords, and many of the world’s largest technology companies have pushed to replace passwords with them entirely.
Obviously, the best way to defend against an attack is to think before you click and to be wary of email messages requiring urgent action.
Via BleepingComputer