Breaking News Technology

LastPass Users Target of New Phishing Scheme

Image courtesy of (Stuart Miles) / FreeDigitalPhotos.net

A new phishing expedition could end with hackers duping LastPass users into inadvertently handing over credentials.

lastpassforthatassThe leak wink in the security chain was discovered and discussed by Sean Cassidy, CTO of Presido Inc., at this past weekend’s Schmoocon Conference. Cassidy brought the information to LastPass which has, reportedly addressed the concern.

However, Cassidy explained in a blog entry that while LastPass will log a user out in they are inactive for a certain amount of time the recent phishing scheme actually pops up a similar alert outside of the browser’s viewport. The alert looks exactly like the LastPass one.

It’s a simple mistake and a user without a keen eye or the realization the pop up is outside the viewport, reports Computer World, could hand over their password.

“The first line of defense that LastPass has introduced is preventing the malicious page from actually logging the user out of LastPass. Even though the malicious page shows a fake LastPass notification saying the user has been logged out and needs to login again, the user can see that the LastPass extension itself in their browser toolbar is still logged in,” LastPass explains on its support page, explaining how it has addressed the threat.

Beyond that, though, the company also explained it will detect if a user enters their master password on a non-LastPass page and will pop up a strong warning, even before the user submits it to the page.

About the author

avatar

W. Brice McVicar

W. Brice McVicar is a staff writer for SiteProNews.

7 Comments

Click here to post a comment