LastPass is warning users about an ongoing phishing campaign that is using fake security notices to direct them to fraudulent websites.
The phishing emails are crafted to resemble legitimate corporate communications, notifying recipients of updated security policies and directing them to a landing page that impersonates DocuSign and claiming to provide a document for review.
LastPass emphasizes that its systems have not been compromised and that the phishing emails did not originate from its infrastructure, despite the attackers using domains designed to appear as legitimate company services.
The emails sent from ‘[email protected]’ notify the user of alleged service policy changes in LastPass, including enhanced SaaS monitoring, master password reset options for administrators, and admin console improvements.
Malicious email
Source: BleepingComputer
Clicking on the ‘Review & Access Terms’ button embedded in the email takes users to a website impersonating the DocuSign service widely used for sending, signing, and managing documents electronically.
However, the domain used is lastpasscompliance[.]com, which has been flagged as malicious by Microsoft Defender for Office 365 and Cloudflare.
Fake DocuSign website
Source: LastPass
... continue reading