LastPass would like to make our customers aware of a new SMS-based phishing (smishing) campaign targeting them. These texts are being sent from the phone number 833-479-4892 and state the following: “[LastPass] We just blocked an unrecognized device from logging in. If it was not you, please secure your account immediately (sso-lastpass.com/reset)”. If you click on the link in the text, you will be directed to a phishing page that appears to be designed to collect your credentials, including your master password. An example of the phishing site can be found below:
We are currently working to get the phishing site taken down and wanted to notify our customers as soon as possible. Please remember that no one at LastPass will ever ask for your master password. If you need customer support, including to reset your master password, please go directly to our website, https://www.lastpass.com. As always, please take the appropriate precautions, and if you have any questions about whether an email or phone number is legitimate, please submit it to abuse@lastpass.com.
Phishing Site Information:
URL: sso-lastpass[.]com
IP: 2606:4700:3034::ac43:d14f
SMS Sending Phone Number:
833-479-4892