You trust your password manager to keep your credentials, documents, and identity data secure—and you probably also trust notices that come from your password manager with steps to maintain that security. Scammers are counting on this: A new phishing campaign is targeting LastPass and Bitwarden users with fake security alerts designed to compromise their data and devices.
Earlier this week, LastPass alerted users to an impersonation scam in which threat actors are sending phishing emails that look like official security notices. The messages come from hello[at]lastpassnewsletter[.]com with the subject line "Action Required: Review Updated LastPass Security Policies."
In the email body, attackers outlined supposed changes to LastPass security monitoring and reporting protocols and noted that users "have 14 business days to review and accept the updated terms" via DocuSign. The link redirected to https[:]//lastpasscompliance[.]com/, which looked like a legitimate DocuSign page complete with a chatbot window, and prompted users to "download" DocuSign in order to review and sign the document. It's unclear whether the goal was to spread malware or harvest user credentials, as the malicious website has since been taken down. However, Bitwarden users have been targeted with a nearly identical campaign, according to BleepingComputer.
How to spot the password manager scam
On the surface, the phishing emails targeting LastPass and Bitwarden users are pretty convincing. They have some technical jargon, so users may skim over the specifics and trust that the information is legitimate. There's a call to action, but the email states that users have 14 days to accept the terms or their account "may be temporarily restricted"—so the urgency is slightly lower than with some other scams. The email even reassures users that their vaults and accounts are "completely secure" and states that the required steps are "strictly" administrative in nature.
That said, both the sender and the URL should raise suspicion. Neither lastpassnewsletter[.]com nor lastpasscompliance[.]com are official LastPass domains, nor is bitwardencompliance[.]com a real Bitwarden site. Never enter your master password or other credentials unless you navigate directly to your password manager's website or vault—links from emails, texts, or social media messages are at risk of being phishing attempts. If you've supplied your credentials to a suspicious site, update them immediately from a trusted device. You also shouldn't need to download software or use DocuSign for your password manager, and any actions on your account should occur when you are logged in to the legitimate site or vault.
Hence then, the article about that lastpass or bitwarden security email may be a scam was published today ( ) and is available on Live Hacker ( Middle East ) The editorial team at PressBee has edited and verified it, and it may have been modified, fully republished, or quoted. You can read and follow the updates of this news or article from its original source.
Read More Details
Finally We wish PressBee provided you with enough information of ( That LastPass or Bitwarden Security Email May Be a Scam )
Also on site :
- PVR Inox’s Sanjeev Kumar Bijli On India’s Box Office Recovery, Cinema Expansion & Cannes Acquisitions Haul
- 1996 No. 1 Hit, Which Resurfaced 30 Years Later, Was Just Reimagined by Two Legends at the Grand Ole Opry
- Vera Bradley’s Quilted Tote Is the ‘Perfect Lunch Bag’ for Work or School, and It’s 52% Off at Amazon
