2 min read

Phishing scam targets LastPass and Bitwarden users

Fake LastPass and Bitwarden emails are pushing users to bogus DocuSign pages via spoofed domains. Neither password manager was breached.

Image: TechRadar

A new phishing campaign is impersonating LastPass and Bitwarden, using fake newsletter domains to push users toward bogus DocuSign pages designed to steal login credentials.

According to TechRadar, LastPass has already warned customers about the scam, and similar messages are now apparently reaching Bitwarden users as well. In the LastPass-themed version, emails were sent from hello@lastpassnewsletter.com — an address not affiliated with the company. The message claimed the company had updated its security policies and asked users to visit a landing page and sign a document.

Clicking the “Review & Access Terms” button redirected victims to lastpasscompliance[dot]com, another domain unrelated to LastPass. BleepingComputer reported that the domain was flagged as malicious by Microsoft Defender for Office 365 and Cloudflare, and is now offline.

Researchers also found a near-identical version aimed at Bitwarden customers. Those emails came from hello@bitwardennewsletter.com and linked to bitwardencompliance[dot]com.

What makes this attack notable is what it is not: neither LastPass nor Bitwarden was breached. Their infrastructure was not compromised, and the campaign relies instead on domain spoofing — registering lookalike domains in the hope that users miss the difference.

Recommended reading

AI won’t replace penetration testers just yet

For users, the advice is familiar but critical:

  • Check the sender address carefully
  • Verify the domain before clicking any link
  • Compare suspicious emails with older, legitimate messages from the same company
Best antivirus software header
Best antivirus software header
Sophia Reynolds

Security Editor

Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.

via TechRadar

// Keep reading