LastPass warns users not to fall for fake customer service scam

(Image credit: Future)

One of the most popular password managers out there, LastPass, is warning its customers not to fall for the latest scam campaign aimed directly at them.

In a blog post, the company explained scammers are targeting users via the Chrome Web Store. In the reviews section for LastPass’ Chrome add-on, the scammers are adding new content that directs the visitors to fake customer support.

Therefore, when victims who are having issues with the add-on visit the page, they might think that other users are helping them reach customer support directly. In reality, dialing the number shared there starts a conversation with the fraudsters, who will try to navigate the victims to a malicious website, and download malware.

Fake customer support

"Individuals calling this fake support number will be greeted by an individual asking what product they are having issues with and then a series of questions regarding whether they are attempting to access LastPass via a computer or a mobile device and what operating system they are using," explained LastPass.

"They will then be directed to the site dghelp[.]top while the threat actor remains on the line and attempts to get the potential victim to engage with the site, exposing their data."

Investigating further, BleepingComputer found the campaign’s goal is to get people to download ConnectWise ScreenConnect, a piece of remote support and access software that grants the attackers full access to the target computer. The publication also found that the phone number associated with this campaign was used in other similar campaigns, where crooks impersonated Amazon, Adobe, Facebook, YouTube TV, and many, many others. In other words, this is a well-organized team that has been impersonating major corporations and defrauding people for a while now.

As usual, the best way to defend against these attacks is to use common sense and double-check every piece of information found online.

More from TechRadar Pro

Data breached at LA Housing Authority after ransomware attack
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.