
Hackers Targeting Lastpass Users With Phishing Scams


October 10th, 2023   |   Updated on November 4th, 2025

A phishing campaign that commenced approximately two weeks ago is urging individuals to click on a link and verify their personal information. In reality, it’s an elaborate scam designed to pilfer your data.

If you’re a LastPass user, exercise extreme caution regarding phishing emails infiltrating your inbox. Hackers are launching successive waves of deceitful messages posing as the popular password manager.

LastPass issued a warning this week, disclosing that the initial wave of phishing emails emerged on September 13th. In a blog post, the company stated, “Our customers began reporting a widespread and highly convincing phishing campaign. The campaign exhibited a global reach, targeting various sectors, including 87 of our own employees.”

These phishing emails convincingly mimic LastPass and urge the recipient to promptly update their personal information or risk the deactivation of certain features. Upon closer inspection, however, the emails are fraudulent: they are sent from the address “marketing@sbito.co[.]th,” a domain unrelated to LastPass.

Nonetheless, the phishing emails are adeptly crafted and might deceive some users into clicking the embedded link within the message. This action redirects them to a hacker-controlled login site at “customer-lastpass[.]su,” which appears capable of stealing any passwords and multi-factor authentication codes entered into the portal.

Furthermore, the phishing campaign seeks to exploit LastPass’s recent security problems, including a significant breach last year. Since then the company has been requiring users to reset their multi-factor authentication settings to strengthen platform security, which makes an email asking for an “update” look plausible.


Antivirus provider Malwarebytes initially alerted the public about this phishing threat on September 14th. LastPass has also collaborated with PhishLabs to thwart the attacks by urging website providers to shut down the internet domains powering the phishing campaign.

Regrettably, threat actors reemerged on September 19th, registering a similar subdomain for the credential phishing site and leveraging several new domains for the phishing emails, as disclosed by LastPass.

Therefore, users must exercise caution when opening any emails appearing to be from LastPass. Always verify the sender’s address to confirm the email’s legitimacy. Additionally, you can hover your mouse over email links before clicking them to reveal the underlying web addresses. Emails requesting sensitive information should immediately raise red flags.
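The two checks above, verifying the sender’s domain and looking at where each link actually points rather than at its displayed text, can be automated over a raw message. The following is an added example and not code from LastPass or from this article; the trusted domain list is an assumption, and the sample message is constructed here using the sender and login-site domains the article names.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this example: the only domain the real service sends from or links to.
TRUSTED_DOMAINS = {"lastpass.com"}


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body, so the real target
    can be compared with what the reader sees (the 'hover over the link' check)."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _trusted(host):
    """True if host is a trusted domain or a subdomain of one (case-insensitive)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_message(raw):
    """Return a list of findings for a raw RFC 5322 message that claims to come from the service."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender = msg["from"].addresses[0].addr_spec if msg["from"] else ""
    if not _trusted(sender.rpartition("@")[2]):          # sender-domain check
        findings.append(f"sender domain not trusted: {sender}")
    body = msg.get_body(preferencelist=("html",))
    if body:
        parser = LinkCollector()
        parser.feed(body.get_content())
        for href, text in parser.links:                  # underlying-URL check
            parsed = urlparse(href)
            if parsed.scheme in ("http", "https") and not _trusted(parsed.hostname):
                findings.append(f"link to untrusted host: {href} (shown as '{text}')")
    return findings


# Constructed sample modelled on the campaign described in the article (not a real capture).
SAMPLE = """From: LastPass <marketing@sbito.co.th>
To: user@example.com
Subject: Action required: update your account information
Content-Type: text/html; charset="utf-8"

<html><body><p>Update your details or some features will be deactivated.</p>
<a href="https://customer-lastpass.su/login">https://lastpass.com/account</a></body></html>
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

Both findings fire on the sample: the sender domain is not the service’s, and the link text shows lastpass.com while the href points elsewhere.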

Individuals encountering suspicious emails can report them by forwarding to abuse@lastpass.com. Stay vigilant and protect your personal information from phishing attempts.

Feature Image: Clint Patterson