LastPass is warning prospects a few new phishing marketing campaign that entails emails advising focused customers to again up their vaults.<\/strong><\/p>\n The phishing emails, which began circulating on or round January 19, have topic traces that reference upkeep and instruct recipients to create a backup of their vault.<\/p>\n The physique of the e-mail supplies directions for making a backup and incorporates a hyperlink pointing to a phishing web page designed to trick victims into handing over their grasp password. The phishing web page is hosted on a faux LastPass area.<\/p>\n \u201cPlease be suggested that LastPass is NOT asking prospects to backup their vaults within the subsequent 24 hours; moderately, that is an try on the a part of a malicious actor to generate urgency within the thoughts of the recipient, a typical tactic for social engineering and phishing emails,\u201d LastPass warned<\/a>.<\/p>\n The corporate additionally famous, \u201cThe timing of the marketing campaign, which fell over a vacation weekend in america, is a typical tactic amongst menace actors searching for to reap the benefits of diminished staffing below the idea it would postpone detection and draw out response time.\u201d<\/p>\n The password supervisor supplier has shared indicators of compromise (IoCs) to assist prospects establish and block assaults.\u00a0<\/p>\n LastPass prospects are repeatedly focused<\/a> by menace actors in phishing and different assaults. The corporate itself has additionally been focused by hackers, together with in assaults involving deepfakes<\/a>.\u00a0<\/p>\n![\"\"](\"https:\/\/www.securityweek.com\/wp-content\/uploads\/2026\/01\/LastPass-phishing.png\")
<\/figure>\n<\/div>\n