Blog
Recent
bg
LastPass Labs

Fake Web Store Reviews Attempting to Steal Customer Data

Mike KosakOctober 31, 2024
Fake Web Store Reviews Attempting to Steal Customer Data

6 November 2024 UPDATE: LastPass would like to provide on update on this activity to our customers as the threat actors are taking a new approach, now using emojis to post the fake customer service number in the Chrome Web Store app page. They have also changed the phone number, though the website the fraudsters direct you to has not changed. Please see below for an example: 

LastPass-fake-google-review-png

Again, please remember that no one at LastPass will ever ask for your master password. If you need customer support, please go directly to our website, https://www.lastpass.com. As always, please take the appropriate precautions, and if you have any questions if an email or phone number is legitimate, please submit it to abuse@lastpass.com.

Originally published 31 October 2024: LastPass would like to make our customers aware of a current social engineering campaign leveraging fake reviews on our Chrome Web Store app page. A threat actor appears to be submitting reviews where they direct customers to a fake number controlled by the threat actor. Examples of these Google Chrome Web Store app page posts and the phone number can be found below. 

Screenshot20241030at51154PMpng

Individuals calling this fake support number will be greeted by an individual asking what product they are having issues with and then a series of questions regarding whether they are attempting to access LastPass via a computer or a mobile device and what operating system they are using. They will then be directed to the site dghelp[.]top while the threat actor remains on the line and attempts to get the potential victim to engage with the site, exposing their data. 

We are working to disrupt this campaign by having the reviews removed and getting the phishing website taken down. At this time, we are only aware of these types of fake posts on the Google Chrome Web Store app page. Please be aware these reviews are fake and while the usernames associated with the reviews may change, the text has been consistent for every review to date

Please remember that no one at LastPass will ever ask for your master password. If you need customer support, please go directly to our website, https://www.lastpass.comAs always, please take the appropriate precautions, and if you have any questions if an email or phone number is legitimate, please submit it to abuse@lastpass.com.