LastPass Warns of Hackers Misusing Opinions for Faux Help Numbers

LastPass, the favored password administration service, has issued an pressing warning to its customers about an ongoing social engineering marketing campaign focusing on prospects by means of faux critiques on the Chrome Internet Retailer.

The corporate has found that menace actors put up fraudulent 5-star critiques for the LastPass Chrome extension, selling a faux buyer assist telephone quantity to steal person information.

The scam involves hackers leaving constructive critiques that urge customers experiencing points with the LastPass app to contact “LastPass on-line customer support” at a particular telephone quantity.

Nonetheless, this quantity just isn’t related to LastPass; as a substitute, it connects callers to scammers impersonating firm representatives.

When customers name the faux assist quantity, they’re greeted by a person who asks about their product points and gadget data. The scammer then directs callers to a suspicious web site, dghelp[.]high, whereas remaining on the road to encourage engagement with the location.

Construct an in-house SOC or outsource SOC-as-a-Service -> Calculate Costs

Faux Internet Retailer Opinions

These faux assist numbers are being disseminated not solely by means of Chrome extension critiques but in addition on varied on-line platforms that permit user-generated content material.

LastPass is actively working to disrupt this marketing campaign by eradicating faux critiques and taking down phishing websites.

The company emphasizes that these critiques are fraudulent and warns customers to be cautious, because the usernames related to the critiques could change, however the textual content has remained constant.

To guard themselves, LastPass customers are reminded that the corporate won’t ever ask for his or her grasp password.

For official buyer assist, customers ought to solely use the official LastPass web site. The corporate encourages customers to train warning and report any suspicious emails or telephone numbers to [email protected].

This newest safety menace comes within the wake of earlier cyberattacks on LastPass, together with vital breaches in 2022 that resulted within the theft of buyer information and supply code.

As the corporate continues to rebuild belief with its person base, this new rip-off highlights the continuing challenges in sustaining cybersecurity within the face of more and more refined social engineering techniques.

Run non-public, Actual-time Malware Evaluation in each Home windows & Linux VMs. Get a 14-day free trial with ANY.RUN!