LastPass has alerted users to a phishing attack that claims the recipient has passed away, using it as a bait to access their password vault. The phishing email states that a family member uploaded a death certificate and includes a link to a fraudulent page, where users are prompted to enter their master password. This exploitation targets legitimate inheritance processes designed for emergency access when users become incapacitated or die.
The scam is linked to a group known as CryptoChameleon, which previously employed similar tactics against cryptocurrency users. Attackers are taking advantage of the growing interest in passkeys, which offer increased security over traditional passwords. Though passkeys themselves cannot be phished directly, users can still be tricked into registering or syncing them on malicious sites, making them targets for theft. Security experts advise users to remain vigilant by avoiding email links for sensitive logins and educating themselves on passkey security.
👉 Pročitaj original: Malware Bytes
