New phishing campaign hits LastPass, Bitwarden users – password manager customers warned not to fall for this scam



  • Attackers are spoofing LastPass and Bitwarden with phishing emails from fake newsletter domains, tricking users into signing bogus DocuSign documents
  • Victims are redirected to malicious “compliance” domains flagged by Microsoft Defender and Cloudflare, already taken offline
  • Neither password manager was breached; this is domain spoofing, and users are urged to verify sender addresses and domains before clicking links

Criminals have been found impersonating popular password managers LastPass and Bitwarden online in an attempt to trick users into sharing their login credentials, and thus access to a treasure trove of passwords and other secrets.

LastPass recently issued a warning to its customers, raising awareness of the ongoing phishing campaign.

https://cdn.mos.cms.futurecdn.net/Ramk8kAMZnG58FVJidCvuF-800-80.jpg



Source link

Latest articles

spot_imgspot_img

Related articles

Leave a reply

Please enter your comment!
Please enter your name here

spot_imgspot_img