www.securityweek.com 3/4/2026, 12:34:29 PM · via preferred

Phishing campaign uses spoofed LastPass alerts to harvest logins

According to LastPass, a new phishing campaign is targeting users with fake alerts that claim unauthorized access or master password changes. The emails purport to come from LastPass and rely on a spoofed display name, exploiting the fact that many email clients show only the display name.

The messages urge recipients to take immediate action, such as revoking devices, disconnecting and locking their vault, or reporting suspicious activity, and contain links to a fake LastPass login page designed to harvest master passwords. LastPass has published indicators of compromise, including URLs, IPs, sender email addresses, and email subject lines. The company said it has been aided by Forta Brand Protection in takedown operations and has worked with hosting providers to remove the malicious sites. The report notes that this follows a January warning about a backup-themed phishing campaign. 4 March 2026.
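A mail-filtering check for the display-name trick described above, as an added example that is not from LastPass or the original article: it flags `From` headers whose display name claims the brand while the address sits on another domain. The trusted-domain list, function names and sample headers are assumptions constructed for illustration.

```python
import unicodedata
from email.header import decode_header, make_header
from email.utils import parseaddr

BRAND = "lastpass"
# Assumption: sender domains this organisation accepts as genuine LastPass mail.
TRUSTED_DOMAINS = ("lastpass.com",)

def fold(text):
    """Decode RFC 2047 encoded-words, apply NFKC, casefold, drop non-alphanumerics."""
    decoded = str(make_header(decode_header(text)))
    norm = unicodedata.normalize("NFKC", decoded).casefold()
    return "".join(ch for ch in norm if ch.isalnum())

def is_trusted(domain):
    """Exact match or true subdomain only; 'lastpass.com.evil.example' fails."""
    domain = domain.rstrip(".").lower()
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def is_display_name_spoof(from_header):
    """True when the display name mentions the brand but the address is off-domain."""
    name, addr = parseaddr(from_header)
    if BRAND not in fold(name):
        return False
    return not is_trusted(addr.rpartition("@")[2])

def flag_spoofed(headers):
    """Return the subset of From headers that look like brand impersonation."""
    return [h for h in headers if is_display_name_spoof(h)]

# Constructed sample headers (reserved .example domains), not the published IoCs.
SAMPLES = [
    "LastPass Security <alerts@mail-notify.example>",
    "LastPass <no-reply@lastpass.com>",
    "=?utf-8?q?LastPass_Support?= <help@vault-check.example>",
    '"support@lastpass.com" <billing@pay-portal.example>',
    "Last-Pass Alert <x@lastpass.com.evil.example>",
    "Weekly Newsletter <news@shop.example>",
]

if __name__ == "__main__":
    for header in flag_spoofed(SAMPLES):
        print("SUSPECT:", header)
```

The address in `From` can itself be forged, so a message that passes this check still needs its SPF, DKIM and DMARC results evaluated.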

Article by CyberSIXT