When clicked by an unsuspecting user, the link often directs users to a webpage that appears to look legitimate where the targeted users are prompted to input their credentials. Doing so can result in the user's personal data being accessed, stolen, or sent in an unauthorized manner. Once the bad actor has access to the credentials of the user, they are often able to take control by changing the credentials and locking the user out, or even potentially selling access to the account to other bad actors.
Email recipients need to take these threats seriously, while people also need to make sure they are safe when using any product that sends them an email, they also should be able to identify whether an email is one that is innocent or malicious and the types of methods and identifiers that set them apart. In this attack, the malicious emails were sent using the email address(es) “do-not-reply-support[@]lastpass.ch”, “do-not-reply-support[@]lastpassinc.com” or “do-not-reply-support[@]lastpasses.net” with the subject line “LastPass – Adaptive Protection Alert”.
Users should be weary about receiving an email message containing a link to a URL and should never click on the link if there is a question about it's validity. Instead, we encourage people to remember to open links in a web browser instead, and to always check before opening any attachment. End user Security Awareness Training can help your organization protect your employees through training on how to identify malicious emails and safe email procedures as well as testing to measure the effectiveness of the training over time.
Phishing kits are becoming one of the most accessible components within a cybercriminal's arsenal.
Deepfakes are on the rise with AI. Are you ready to defend against them?
We break down how to spot and avoid tax season phishing scams.
