Hackers Mimic LastPass Support Email to Steal Vault Passwords
A new and carefully crafted phishing campaign is currently targeting LastPass users, with attackers sending fake support emails designed to steal vault master passwords.
The campaign, which began on or around March 1, 2026, relies on social engineering tactics to trick users into believing their accounts have been compromised, pushing them to hand over their credentials willingly.
The attackers behind this operation are forwarding fabricated email chains that appear to show another individual attempting unauthorized actions on the target’s LastPass account.
These fake actions include exporting vault data, triggering a full account recovery, or registering a new trusted device.
By presenting what looks like an ongoing internal email thread, the attackers create an immediate sense of urgency, pushing the victim to click on provided links and act before any supposed damage is done.
This tactic of manufacturing panic to force a quick response is a hallmark of social engineering attacks.
LastPass analysts from the TIME team identified the campaign and issued a public advisory on March 3, 2026, confirming that the phishing operation was active.
The team noted that there is no impact to LastPass systems themselves, but the real risk lies in users voluntarily submitting their credentials on fake login pages. The TIME team is actively working with third-party partners to take the malicious sites offline as quickly as possible.
The scale of this campaign is significant. Attackers are routing victims through multiple redirect links before landing them on a fraudulent single sign-on login page hosted at verify-lastpass[.]com.
This domain acts as the central collection point for stolen credentials. To make detection harder, the attackers generate slightly modified versions of the URL by adding different trailing numbers, producing a large pool of unique-looking links that all point to the same phishing page.
This approach also helps some of the links slip past basic URL-filtering tools used by email security gateways.
Every LastPass user should treat any unexpected email referencing account activity with strong suspicion. LastPass has confirmed that its team will never ask for your master password through email or any other communication channel.
Anyone uncertain about whether a LastPass branded email is genuine should report it directly to abuse@lastpass.com for the security team to investigate.
Display Name Spoofing: How the Deception Holds Up
The most technically effective element of this campaign is the use of display name spoofing. In this technique, the attacker manipulates only the visible name shown in the sender field of an email, while the actual sending address belongs to a completely unrelated domain.
When a target receives one of these messages, they may see a name like “LastPass Support,” which looks completely legitimate at first glance.
The real sending addresses, however, come from domains such as hancochem[.]at, salud5i[.]cl, remstal-praxis[.]de, and kreducationsa[.]com — none of which are connected to LastPass in any way.
Body of Phishing Email Example (Source – LastPass)
This technique is especially effective against mobile users, since most mobile email applications display only the sender’s name by default.
To check the actual sending address, a user has to manually expand the sender field, which many people do not do — particularly when an email already appears to come from a trusted source.
Attackers lean into this behavior deliberately, crafting their fake correspondence to look like a real back-and-forth thread to add even more credibility to the deception.
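One way a mail filter can check for the display-name spoofing described above, as an added example that is not code from LastPass or from this article. The brand allowlist and the sample headers are constructed, `unrelated.example` stands in for an unrelated sender domain, and `lastpass.com` is assumed to be the legitimate sending domain based on the abuse@lastpass.com address quoted earlier.

```python
# Added example (not from the article): flag display-name spoofing in a From header.
import re
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumption: brand keyword -> domains allowed to send mail under that name.
BRAND_DOMAINS = {"lastpass": {"lastpass.com"}}


def squash(text):
    """Lowercase and keep only letters/digits, so 'Last Pass', 'LAST-PASS'
    and 'support@lastpass.com' all contain the token 'lastpass'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_from(from_header):
    """Return (verdict, display_name, sender_domain) for one From header."""
    # Split first, decode second: decoding RFC 2047 encoded-words before
    # parsing would let an encoded '<addr>' change which address is parsed.
    raw_name, addr = parseaddr(from_header)
    name = str(make_header(decode_header(raw_name)))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in squash(name):
            trusted = any(domain == d or domain.endswith("." + d) for d in allowed)
            return ("ok" if trusted else "display-name-spoof", name, domain)
    return ("no-brand-claim", name, domain)


# Constructed sample headers (not taken from the campaign).
SAMPLES = [
    '"LastPass Support" <helpdesk@unrelated.example>',
    "=?utf-8?B?TGFzdFBhc3MgU3VwcG9ydA==?= <helpdesk@unrelated.example>",
    '"support@lastpass.com" <helpdesk@unrelated.example>',
    "LastPass <no-reply@mail.lastpass.com>",
    "Jane Doe <jane@unrelated.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_from(header), "<-", header)
```

The verdict depends only on the address domain, which is the field a mobile client hides by default; the display name is used solely to detect that a brand is being claimed.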
Fake LastPass SSO Login Page (Source – LastPass)
Once a victim clicks a link embedded in the email, they are taken to what appears to be a legitimate LastPass single sign-on page with matching branding.
The moment a user enters their master password, the attacker captures it and gains full access to everything stored inside the vault. These phishing pages are being served from IP addresses including 172.67.200[.]82, 104.21.21[.]204, and 52.102.103[.]4.
Users are strongly advised to always inspect the full sender address in any security-related email, avoid clicking links that claim account activity has been detected, and go directly to the official LastPass website by typing the address into a browser instead.
The post Hackers Mimic LastPass Support Email to Steal Vault Passwords appeared first on Cyber Security News.
05.03.2026 09:04 —
CopterSpotter
HelicoptersofDC's crowd-sourced heli tracking system.
To my dismay, the failure of the House to act makes DC’s helicopter self-reporting system CopterSpotter.com more important than ever.
25.02.2026 01:40 —
Unfortunate I told the Congressman’s Chief of Staff that military misuse of ADS-B was a problem on April 28, 2023 @militarytimes.bsky.social @defenseone.bsky.social @twz.com
25.02.2026 01:27 —
🚽 📦?
28.02.2026 13:56 —
the ROTOR Act failed because the Pentagon said they don’t want to be accountable to the FAA or the American public and half of Republicans were cool with it.
Don’t fly out of DCA or any other market that shares airspace with the military (good luck)
01.03.2026 03:00 —
If you got caught up in the Epstein files and America’s latest foreign war you might have missed the Pentagon’s threats to a private company for not providing technology to make autonomous death robots and tools to surveil U.S. citizens.
#ImWithClaude
01.03.2026 02:43 —
This is a great weekend to send your presentation ideas to the Layer 8 Conference! Deadline is March 15.
Let's hear it from you OSINT investigators and Social Engineers. Whatcha got?
layer8conference.com 🎱
21.02.2026 22:28 —
How tech turned against women
As AI-generated sexualised images proliferate and app-facilitated abuse spreads, we are sleepwalking into a new age of gender inequality. It is time to regulate properly
"large language models such as ChatGPT were consistently advising women to ask for lower salaries than men in recruitment processes,... AI tools already in use by more than half of England’s councils were downplaying women’s medical conditions, potentially resulting in unequal care"
21.02.2026 10:52 —
👋
20.02.2026 22:32 —
"where did you hear that"
"someone who posts in the persona of an ensouled passenger jet aircraft"
"yeah that sounds legit"
12.02.2026 01:32 —
Glad our video from 2022 can be of assistance as people hunt for Discord alts! It's a bit outdated, but the fundamentals are still there:
www.youtube.com/watch?v=2Qgy...
12.02.2026 01:00 —
Hell, some Americans can’t speak, read, or understand English let alone another language.
08.02.2026 22:20 —
What do you say to those who claim you’re not American?
I understand it’s confusing to encounter an American who can speak two different languages.
The Onion’s Exclusive Interview With Bad Bunny https://theonion.com/the-onions-exclusive-interview-with-bad-bunny/
08.02.2026 22:00 —
THIS IS THE WAY.
09.02.2026 04:41 —
I hate the fake snapchat notifications. I ignore them.
28.01.2026 23:49 —
Microsoft Hands Your Encryption Keys to the FBI | Jan 19-26
Microsoft hands over BitLocker encryption keys to the FBI, exposing a fundamental privacy flaw in Windows disk encryption.
NEW Digital Rights Digest 🚨
🔓 Microsoft hands FBI your encryption keys (~20x/year)
📱 Snapchat's fake notifications violate EU law
✨ F-Droid 2.0 modernizes privacy app store
💰 Nova Launcher adding ads after acquisition
techlore.tech/microsoft-ha...
27.01.2026 03:14 —
WhatsApp just got sued for allegedly lying about end-to-end encryption, with claims that Meta employees can access any user's messages through a simple internal request. While the lawsuit provides no…
WhatsApp Sued Over Fake Encryption Claims
"We kill people based on metadata." - Former NSA Director
WhatsApp's metadata collection is confirmed and shared with law enforcement. Now they're sued claiming the encryption itself is fake.
Our newest video dives into the weeds on WhatsApp: youtu.be/bfjyUtR5Xdk
28.01.2026 14:01 —
Thank you all for sharing our newest video covering WhatsApp’s problems on the platform that needs to hear it most!
(And I guess the Signal users still thought it was fun to share too :P)
28.01.2026 23:46 —
The findings, based on internal ICE material obtained by 404 Media, public records, and testimony from an ICE official, show what kind of technological infrastructure Palantir is building for ICE. @evystadium.bsky.social has more.
Scoop by @josephcox.bsky.social: www.404media.co/elite-the-pa...
15.01.2026 14:44 —
Those sources can include HHS, U.S. Citizenship and Immigration Services (USCIS), and “CLEAR.” The guide does not provide any more specifics on what CLEAR might be, but ICE has repeatedly contracted with Thomson Reuters which sells a data product called CLEAR. Thomson Reuters did not respond to a request for comment. HHS did not respond to a request for comment.
The documents don’t say if those are the only entities providing data for ELITE. The user guide says ELITE is “integrating new data sources” to reduce officer workload.
ELITE gets data from lots of sources, and one of them appears to be Thomson Reuters' CLEAR data product. ICE has long contracted with the company, which sells addresses and other personal data. Those addresses can come from credit header data (when you open a card) www.404media.co/elite-the-pa...
15.01.2026 18:29 —
“It pulls from all kinds of sources,” JB continued. “It’s a newer app that was actually given to us in ICE.” JB said ELITE is what ICE sometimes uses to track the apparent density of people at a particular location to target. “You’re going to go to a more dense population rather than [...] like, if there’s one pin at a house and the likelihood of them actually living there is like 10 percent [...] you’re not going to go there.” For that raid in Woodburn, JB suggested the immigration officers used ELITE to generate leads. Additionally, in a text thread of immigration officers, someone described the area as “target rich,” which JB explained meant the officials had run multiple license plates in that area and found vehicles registered to people “who had either a criminal or immigration nexus.”
This tool is what ICE is using to find places it thinks lots of immigrants are located. “You’re going to go to a more dense population rather than [...] like, if there’s one pin at a house” www.404media.co/elite-the-pa...
15.01.2026 18:03 —
‘ELITE’: The Palantir App ICE Uses to Find Neighborhoods to Raid
Internal ICE material and testimony from an official obtained by 404 Media provides the clearest link yet between the technological infrastructure Palantir is building for ICE and the agency’s activit...
New: meet ELITE, the Palantir app ICE is using to find neighborhoods to raid. Map interface; officers search for immigrants; click person to bring up individual dossier. This is clearest link between what Palantir is building and ICE's activities on the ground yet www.404media.co/elite-the-pa...
15.01.2026 14:06 —
There’s a Lootbox With Rare Pokémon Cards Sitting in the Pentagon Food Court
Frowned upon in video games, loot boxes are back in real life–and one’s in the Pentagon.
There's a lootbox with rare Pokemon cards sitting in the Pentagon food court. Thanks to a company called Lucky Box Vending, anyone passing through the center of American military power can pay to win a piece of randomized memorabilia from a machine www.404media.co/theres-a-loo...
15.01.2026 19:19 —
I compared the user interface in this photo to the leaked user guide I have for Mobile Fortify, and it's the same. Mobile Fortify is ICE's app for verifying someone's identity, immigration status, whether issued order of deportation. ICE says it overrides a birth certificate bsky.app/profile/donm...
15.01.2026 20:12 —
YouTube video by 404 Media
How Wikipedia Will Survive in the Age of AI (With Wikipedia’s CTO Selena Deckelmann)
Here's our interview with Wikipedia's CTO on how the crucial resource will survive in the age of AI
www.youtube.com/watch?v=39LR...
20.01.2026 17:41 —
What happens when you identify the man behind two deepfake porn sites? Well, in Kolina Koltai's experience as an investigator, senior researcher and trainer at @bellingcat.com: they run.
Today on the podcast: www.youtube.com/watch?v=CbmU...
26.01.2026 17:01 —