As part of our commitment to security, we want to make sure our users and the public are aware of recent reports of fraudulent emails being sent to LastPass customers.
Reports indicate that a third-party, bad actor, attempting to impersonate a LastPass representative, using the email address(es) “do-not-reply-support[@]lastpass.ch”, “do-not-reply-support[@]lastpassinc.com” or “do-not-reply-support[@]lastpasses.net” with the subject line “LastPass – Adaptive Protection Alert” (example below) is attempting to lure customers to click a malicious link in order to update their master password.
Please take note this is NOT a LastPass/LogMeIn email and did NOT come from someone at LastPass.
If you received this email and clicked on the link, we recommend immediately changing your LastPass password and enabling multi-factor authentication on your account, as well as your end users’ accounts.
While we are working with our partners to take down the malicious domains, we are additionally asking you to stay vigilant and be aware of the tell-tale signs of phishing attacks to help keep your information secure.
As the world continues to adjust to the “new normal” and increasingly works remotely, there has been a generally observed increase in phishing attacks. To help ensure your LastPass and other online accounts are secured from bad actors or hackers we recommend users follow these online best practices:
- Beware of phishing attacks like the above. Do not click on links from people you don’t know, or that seem out of character from your trusted contacts and companies.
- Never reuse passwords on multiple accounts, especially your LastPass Master Password. Use a different, unique password for every online account.
- Use a strong, secure master password for your LastPass account that you never disclose to anyone.
- Turn on multi-factor authentication for LastPass and other services like your bank, email, Twitter, Facebook, etc.
- Run antivirus, end-point protection, and/or anti-malware protection software, as well as regularly update your software and anti-virus signatures.