New phishing campaign hits LastPass and Bitwarden users – password manager customers warned not to fall for this scam


  • Attackers spoof LastPass and Bitwarden with phishing emails from fake newsletter domains, tricking users into signing fake DocuSign documents.
  • Victims are redirected to malicious “compliance” domains flagged by Microsoft Defender and Cloudflare, already taken offline
  • Neither password manager was hacked; This is domain spoofing and users are advised to verify sender addresses and domains before clicking on links.

Criminals have been discovered impersonating popular password managers LastPass and Bitwarden online in an attempt to trick users into sharing their login details and thus gaining access to a treasure trove of passwords and other secrets.

LastPass recently issued a warning to its customers, making them aware of the ongoing phishing campaign.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top