This targeted phishing scam impersonates LastPass to create fear of account loss to cause the recipients to act, clicking on the malicious link. The email contains a deadline to pressure the user with urgency. However, if this user clicked the link and entered their LastPass information, they would compromise all of their accounts.
Tips if Something Seems Off:
Double-check the email address before responding.
Look to make sure the email address is correct. In Gmail, hover your mouse over the sender name for the email to display. On a mobile phone or a touchscreen, press and hold the link (don't tap!) to reveal the actual URL. (Look in the bottom left corner of the browser window.) Don't click on a link unless it goes to a URL you trust. In this scenario, we see that the email address is not related to LastPass, indicating malicious intent.
Follow up with the sender separately.
If you didn’t expect it, reject it. Or follow-up with the individual directly in a separate email or call/text to confirm. In this scenario, instead of clicking the suspicious link in this email, going to LastPass directly and checking your information is the best decision to protect your information.
Original Message
Warning
The links and email addresses included in these messages are from real-life examples, do not attempt to explore them.
The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up techtip (instead of in the corner of the browser window).