Hackers are targeting LastPass users with a new phishing scam that poses as a notice about account recovery after the owner's death.
The emails tell users that someone has made a “legacy request” to take over their LastPass account. If the user clicks the link in the email, they are taken to a fake website designed to steal their login details.
According to reports, this phishing campaign began in mid-October 2025 and may be linked to the CryptoChameleon cybercrime group, which has previously targeted US government employees.
LastPass offers a legitimate “legacy access” feature that allows trusted family members or partners to request access to an account after the owner’s death.
The real process includes a waiting period and secure verification steps.
Author's summary: Hackers target LastPass users with fake legacy account emails.