LastPass Warns of Sophisticated ‘Are You Dead?’ Master Password Phishing Campaign
LastPass has identified an ongoing phishing campaign that uses fake death certificate notifications to trick users into revealing their master passwords. The sophisticated attacks exploit the password manager’s legitimate inheritance features while mimicking official LastPass communications. Security analysts warn these represent some of the most convincing social engineering attempts targeting password manager users to date.
Password manager giant LastPass is alerting users about a particularly clever phishing campaign that preys on one of life’s most sensitive moments: the death of a family member. According to security reports, attackers are sending convincing emails that appear to come from LastPass’s legitimate alert system, notifying recipients that a family member has submitted a death certificate to access their account through the platform’s inheritance features.