Sophisticated Phishing Campaign Targets LastPass Users with Fake Death Claims
Security researchers are reporting a sophisticated phishing campaign targeting LastPass users with fake death certificate notifications. The attacks leverage the password manager’s legitimate Emergency Access feature to create convincing social engineering scenarios. According to analysis, threat actors are using fake login pages and voice phishing to steal master passwords and stored passkeys.
Security researchers are sounding the alarm about an unusually sophisticated phishing campaign that’s targeting LastPass users with a particularly clever twist: fake death certificate notifications. According to reports from Bleeping Computer, attackers are weaponizing the password manager’s legitimate “Emergency Access” feature to create convincing social engineering scenarios.
