LastPass issues alert as customers targeted in new phishing campaign
The company says messages claiming that LastPass users need to backup vaults are false
LastPass has urged customers to be on the alert for phishing emails amidst an ongoing scam campaign.
The password management firm said emails claiming the site is due to undergo maintenance have been circulating since 19 January. The messages include prompts for customers to backup vaults within the next 24 hours, LastPass revealed.
"Please be advised that LastPass is NOT asking customers to backup their vaults in the next 24 hours; rather, this is an attempt on the part of a malicious actor to generate urgency in the mind of the recipient, a common tactic for social engineering and phishing emails," said the firm in a statement.
The emails come with several different subject lines, including:
- “LastPass Infrastructure Update: Secure Your Vault Now”
- “Your Data, Your Protection: Create a Backup Before Maintenance”
- “Don’t Miss Out: Backup Your Vault Before Maintenance”
- “Important: LastPass Maintenance & Your Vault Security”
- “Protect Your Passwords: Backup Your Vault (24-Hour Window)”.
The sender addresses are support@sr22vegas[.]com and support@lastpass[.]server8/server7/server3.
IPs associated with the campaign include 192.168.16[.]19 and 172.23.182[.]202, LastPass confirmed. Note that both addresses fall within RFC 1918 private ranges, which are not routable on the public internet, so on their own they are of limited use as perimeter blocklist entries.
How to spot the fake LastPass emails
The emails claim that a “legacy access” request has been opened – often using alarming language, even telling recipients that they may be deceased – and include fake case details to appear legitimate.
Victims are directed to a fraudulent LastPass website that looks like the real thing, hosted at “group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf”, which then redirects to “mail-lastpass[.]com.”
Here they are prompted to enter their credentials. In some cases, the attackers also follow up with phone calls to increase pressure.
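The indicators above can be turned into a simple triage check. The following script is an added example, not code from the article or from LastPass: it parses a raw email, compares the sender domain, subject line and embedded URLs against the indicators the advisory lists, and also applies two generic heuristics of this example's own (a host or display name that contains "lastpass" but is not lastpass.com or a subdomain of it, and urgency phrasing). The sample messages, the interpretation of "lastpass[.]server8/server7/server3" as a sender-domain pattern, and the benign sender address are all constructed for the example.

```python
"""Added example: triage an email against the LastPass advisory indicators.

Not the article's or LastPass's code. IOC values are transcribed from the
article; everything else (sample messages, heuristics) is this example's own.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Indicators listed in the advisory (defanging brackets removed so they match).
IOC_SENDER_DOMAINS = {"sr22vegas.com"}
# Assumption: "support@lastpass[.]server8/server7/server3" is read as a
# sender domain of the form lastpass.serverN.
IOC_SENDER_DOMAIN_PATTERNS = [re.compile(r"^lastpass\.server\d+$", re.I)]
IOC_SUBJECTS = {
    "LastPass Infrastructure Update: Secure Your Vault Now",
    "Your Data, Your Protection: Create a Backup Before Maintenance",
    "Don't Miss Out: Backup Your Vault Before Maintenance",
    "Important: LastPass Maintenance & Your Vault Security",
    "Protect Your Passwords: Backup Your Vault (24-Hour Window)",
}
IOC_URL_HOSTS = {"group-content-gen2.s3.eu-west-3.amazonaws.com", "mail-lastpass.com"}
IOC_URL_PATHS = {"/5yaVgx51ZzGf"}

# Generic heuristics (this example's own, not from the advisory).
LEGIT_DOMAIN = "lastpass.com"
URGENCY_PATTERNS = [re.compile(p, re.I) for p in (
    r"\b24[- ]hour", r"\bwithin the next 24\b", r"\bimmediately\b", r"\bbackup your vault\b",
)]
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def is_legit_lastpass_host(host):
    """True only for lastpass.com itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)


def triage(raw_message):
    """Return a list of findings for one RFC 5322 message; empty means no hit."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []

    display_name, addr = parseaddr(str(msg.get("From", "")))
    dom = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if dom in IOC_SENDER_DOMAINS or any(p.match(dom) for p in IOC_SENDER_DOMAIN_PATTERNS):
        findings.append(f"sender domain matches advisory IOC: {dom}")
    elif "lastpass" in dom and not is_legit_lastpass_host(dom):
        findings.append(f"sender domain impersonates LastPass: {dom}")
    if "lastpass" in display_name.lower() and not is_legit_lastpass_host(dom):
        findings.append(f"display name claims LastPass but sender is {dom}")

    # Normalise the curly apostrophe used in one of the published subject lines.
    subject = str(msg.get("Subject", "")).strip().replace("\u2019", "'")
    if subject in IOC_SUBJECTS:
        findings.append("subject line matches advisory IOC")

    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    for url in (u.rstrip(".,)") for u in URL_RE.findall(text)):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if host in IOC_URL_HOSTS or parsed.path in IOC_URL_PATHS:
            findings.append(f"URL matches advisory IOC: {url}")
        elif "lastpass" in host and not is_legit_lastpass_host(host):
            findings.append(f"URL host impersonates LastPass: {host}")

    hits = [p.pattern for p in URGENCY_PATTERNS if p.search(subject + "\n" + text)]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    return findings


# Constructed sample messages (not real captures).
SAMPLE_PHISH = """\
From: LastPass Support <support@sr22vegas.com>
To: user@example.com
Subject: Protect Your Passwords: Backup Your Vault (24-Hour Window)
Content-Type: text/plain; charset="utf-8"

Our infrastructure will undergo maintenance. Please backup your vault
within the next 24 hours at
https://group-content-gen2.s3.eu-west-3.amazonaws.com/5yaVgx51ZzGf
"""

SAMPLE_BENIGN = """\
From: LastPass <noreply@lastpass.com>
To: user@example.com
Subject: Your monthly security report
Content-Type: text/plain; charset="utf-8"

View your report at https://lastpass.com/
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(name, triage(raw))
```

The exact-match lists will age quickly as the attackers rotate subjects and hosts; the two heuristics (a LastPass-branded sender or link that does not resolve under lastpass.com, plus deadline language) are the part worth keeping in a mail filter, and any hit should be forwarded to abuse@lastpass.com as the advisory requests.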
“This campaign is designed to create a false sense of urgency, which is one of the most common and effective tactics we see in phishing attacks,” said a spokesperson for the threat intelligence, mitigation, and escalation (TIME) team at LastPass.
“We want customers and the broader security community to be aware that LastPass will never ask for their master password or demand immediate action under a tight deadline. We thank our customers for staying vigilant and continuing to report suspicious activity.”
LastPass campaign looks to catch users off-guard
Notably, the campaign was timed for a holiday weekend in the US, probably in the hope that reduced staffing levels would delay detection and draw out response times.
"Please remember that no one at LastPass will ever ask for your master password. Rest assured, we are working with our third-party partners to have this domain taken down as soon as possible," said the firm.
"In the meantime, please take the appropriate precautions and, as always, if you are ever unsure whether a LastPass branded email is legitimate, submit it to abuse@lastpass.com."
The latest advisory marks the second time in six months that LastPass has been forced to put out an alert like this. A phishing campaign in October 2025 used similar tactics, claiming that the company had been hacked.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.