Cybercrime

LastPass Users Targeted With Backup-Themed Phishing Emails

Threat actors may have wanted to take advantage of the holiday weekend in the United States to increase their chances of success.

Published

LastPass is warning customers about a new phishing campaign that involves emails advising targeted users to back up their vaults.

The phishing emails, which started circulating on or around January 19, have subject lines that reference maintenance and instruct recipients to create a backup of their vault.

The body of the email provides instructions for creating a backup and contains a link pointing to a phishing page designed to trick victims into handing over their master password. The phishing page is hosted on a fake LastPass domain.

“Please be advised that LastPass is NOT asking customers to backup their vaults in the next 24 hours; rather, this is an attempt on the part of a malicious actor to generate urgency in the mind of the recipient, a common tactic for social engineering and phishing emails,” LastPass warned.

The company also noted, “The timing of the campaign, which fell over a holiday weekend in the United States, is a common tactic among threat actors seeking to take advantage of reduced staffing under the assumption it will postpone detection and draw out response time.”

The password manager provider has shared indicators of compromise (IoCs) to help customers identify and block attacks. 

LastPass customers are regularly targeted by threat actors in phishing and other attacks. The company itself has also been targeted by hackers, including in attacks involving deepfakes

Advertisement. Scroll to continue reading.

However, the most significant security failure remains the 2022 breach, in which attackers exfiltrated the encrypted vault data of millions of users. 

Fallout from that incident continues; TRM Labs reported in December that threat actors are successfully cracking stolen master passwords to access vaults and drain cryptocurrency wallets.

Related: FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes

Related: Complex Routing, Misconfigurations Exploited for Domain Spoofing in Phishing Attacks

Related: AI Is Supercharging Phishing: Here’s How to Fight Back

Related: Google Says Chinese ‘Lighthouse’ Phishing Kit Disrupted Following Lawsuit 

In this article:,

Related Content

Phishing

Phishing

FBI, Google Dismantle ‘Outsider Enterprise’ Phishing Service

The platform used more than 9,000 phishing sites, stealing nearly 4 million credit cards and causing roughly $1.9 billion in losses.

2 days ago

Phishing

Over 500 Organizations Hit in Years-Long Phishing Campaign

Victims span across the aviation, critical infrastructure, energy, logistics, public administration, and technology sectors.

May 10, 2026

Phishing

Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations

The malicious emails claim to contain a conduct report and lure victims to a Microsoft phishing website that leverages AitM.

May 5, 2026

Phishing

New Bluekit Phishing Kit Features AI Assistant

Still under development, Bluekit provides users with automated domain registration and an AI Assistant.

May 2, 2026

Phishing

Robinhood Vulnerability Exploited for Phishing Attacks

Legitimate-looking emails coming from Robinhood systems lured recipients to phishing websites.

April 28, 2026

Email Security

The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface

New analysis from Abnormal AI reveals how attackers have abandoned technical exploits to weaponize routine workflows and internal trust.

April 23, 2026

Phishing

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors are reusing Tycoon 2FA tools across other phishing kits following the platform’s disruption.

April 18, 2026

Phishing

Tycoon 2FA Fully Operational Despite Law Enforcement Takedown

Attack volumes are back to pre-disruption levels, and the adversary tactics have remained unchanged.

March 23, 2026

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version