Call (716) 373-4467
26Apr

LastPass Phishing Campaign Alert

Our team would like to raise awareness to a recent LastPass phishing campaign affecting our customers.

This is related to the CryptoChameleon phishing kit which has been associated with crypto thefts (more information on this kit can be found here). 

A cybercriminal can use these kits to create fake websites to steal passwords and other authentication data and either use these credentials themselves or sell them to other criminals.

Victims are directed to fake websites via phishing emails, SMS messages, or even direct phone calls (vishing). 

What the bad actors are doing:

This campaign is now using “tickets-lastpass[.]com” as its primary phishing page and appears to have shifted primarily to texting (SMS messages) as the main point of contact.

Customers are also receiving a call from an 888 number claiming their LastPass account has been accessed from a new device and instructing them to press “1” to allow the access or “2” to block it. Pressing 2 will lead you to a bad actor attempting to gain access to your account. 

Please contact the Databranch team immediately at 716-373-4467 x 4 or [email protected] if you receive correspondence related to your LastPass account.

comments powered by Disqus
Administrative Privileges AI AI algorithms AI in Cybersecurity Annual Security Training Anti-Virus Artificial Intelligence Authenticator App Backup and Recovery Backup Redundancy BCDR BEC breach prevention Breach Prevention Platform Breaches business continuity Business Email Compromise Business Email Compromises Business Phone System Business Software BYOD Call Directory Cisco Cloud Accounts Cloud Data Backup Cloud Infrastructure Cloud Security Cloud Solutions Comprehensive Cybersecurity Compromised Credentials computer support Computer Upgrades Conditional Access Credential Theft Cyber Attacks Cyber Criminals Cyber Defenses Cyber Insurance cyber liability insurance Cyber Risk Management Cyberattacks Cyberinsurance cybersecurity Cybersecurity Awareness month Cybersecurity Breach Cybersecurity Culture Cybersecurity Strategy Cybersecurity Training Cybersecurity Webinar Dark Web Dark Web Monitoring Data Backup Data Backup and Recovery Data Backup Solution Data Breach Data Breaches Data Governance Data Management Data Privacy Compliance Data Privacy Regulation data protection Data Recovery Data Restoration Data Security deepfake Deepfakes Defense in Depth Denial of Service Device Security Disaster Recover Disaster Recovery DNS Filtering doug wilson employee cybersecurity training Endpoint Detection and Response field technician Foundation Security Gift Card Scams Hackers Hosted VoIP i.t. service provider Identity Theft incident response plan Incident Response Planning Insider Threats Internet Explorer Internet of Things Intrusion Detection Intrusion Prevention IoT Devices IT Compliance IT Infrastructure IT Myths IT Partner IT Policies IT Resource IT Security IT Service Provider IT Services Juice Jacking Local Admin local admin privileges Lost Devices M365 malware Managed Clients Managed Detection and Response Managed IT managed service provider managed services Manages Services MDR MFA Microsoft Microsoft 356 Microsoft 365 Copilot Microsoft Office Mobile Devices MSP MSP501 Multi-Factor Authentication Network Monitoring Network Security Network Testing New Computer NIST Framework Offboarding Office 365 Outlook Outsourced IT password management Password Manager Password Managers Password Protection password security Passwords Patch Management Patches Patching PC Performance Penetration Testing Personal Data phishing Phishing Attacks PII Proactive Monitoring Processor productivity Professional Tune-Up Public WiFi Push-Bombing RAM Ransomware Ransomware Prevention Recovery point objective Recovery Time Calculator Recovery time objective Remote Monitoring Remote Working repeatbusinesssystems Ring Groups risk assessment Risk Management Risk Tolerance Rock-It VoIP RPO RTO RTO Costs SaaS Scammers Scams security Security Assessment Security Awareness Training Security Defaults Security Key Security Scans SLAM Method Smishing SMS Social Engineering Social Media Security Software-as-a-Service Solid-State Drive Sponsored Google Ads SSD stolen credentials Storage Teams technical support scam technology best practices Technology Management Technology Policies Technology Review Threat Detection Threat Identification Threat Modeling Updates virus VoIP Systems VPN Vulnerabilities Vulnerability Assessment Warning Signs Webinar Windows 8.1 Work Computers World Backup Day