SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

LastPass Users Targeted With Backup-Themed Phishing Emails

Threat actors may have wanted to take advantage of the holiday weekend in the United States to increase their chances of success.
Lastpass phishing

LastPass is warning customers about a new phishing campaign that involves emails advising targeted users to back up their vaults.

The phishing emails, which started circulating on or around January 19, have subject lines that reference maintenance and instruct recipients to create a backup of their vault.

The body of the email provides instructions for creating a backup and contains a link pointing to a phishing page designed to trick victims into handing over their master password. The phishing page is hosted on a fake LastPass domain.

“Please be advised that LastPass is NOT asking customers to backup their vaults in the next 24 hours; rather, this is an attempt on the part of a malicious actor to generate urgency in the mind of the recipient, a common tactic for social engineering and phishing emails,” LastPass warned.

The company also noted, “The timing of the campaign, which fell over a holiday weekend in the United States, is a common tactic among threat actors seeking to take advantage of reduced staffing under the assumption it will postpone detection and draw out response time.”

The password manager provider has shared indicators of compromise (IoCs) to help customers identify and block attacks. 

LastPass customers are regularly targeted by threat actors in phishing and other attacks. The company itself has also been targeted by hackers, including in attacks involving deepfakes

Advertisement. Scroll to continue reading.

However, the most significant security failure remains the 2022 breach, in which attackers exfiltrated the encrypted vault data of millions of users. 

Fallout from that incident continues; TRM Labs reported in December that threat actors are successfully cracking stolen master passwords to access vaults and drain cryptocurrency wallets.

Related: FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes

Related: Complex Routing, Misconfigurations Exploited for Domain Spoofing in Phishing Attacks

Related: AI Is Supercharging Phishing: Here’s How to Fight Back

Related: Google Says Chinese ‘Lighthouse’ Phishing Kit Disrupted Following Lawsuit 

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: How Modern Breaches Bypass MFA and Evade Detection
June 17, 2026

Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.

Register

Webinar: Modern Exposure Validation in the AI Era
June 24, 2026

AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.

Register

People on the Move

Stephen Garcia has been named Chief Information Security Officer at BreachRx.

Kasper Lindgaard has been appointed Vice President of Security Strategy at CoreView.

Chaim Mazal has been named Chief Information Security Officer at GitLab.

More People On The Move

Expert Insights

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.