Cybersecurity Awareness: Phishing Emails Targeting Password Manager Users

When our IT partners make us aware of the latest phishing campaigns, we believe it’s important to share risk awareness with our insureds.

Cybercriminals are now impersonating LastPass, a password manager that allows a group of coworkers to protect passwords, credentials, secure documents and more. With LastPass, every employee gets a personal password vault where they can store or edit their login information across all devices and major browsers.

Attackers are sending emails claiming users must “back up your vault within 24 hours” and then directing them to fraudulent websites designed to steal login information.

What to do:

• Do not click any links in emails claiming to be from LastPass.

• Delete the message immediately if you receive one.

• Access your account only by typing the official site address directly into your browser.

• Never share your master password with anyone.

For full details, you can read the official LastPass advisory here.