- LastPass phishing campaign tricks victims out of their master passwords
- Fake maintenance email warns users to back up their vaults immediately
- “No one at LastPass will ever ask you for your master password”
LastPass has issued a warning about a new phishing campaign that wants to trick users into handing over their master passwords, potentially all of their passwords, 2FA codes, payment information, and more.
A bogus “scheduled maintenance” email warning urges users to back up their password manager boxes within 24 hours, only to steal their credentials.
This false sense of urgency is one of the most common ways to trick victims into sharing their credentials, rushing them past some basic checks that would highlight the risky activity.
LastPass users warned of phishing campaign in January 2026
“Please note that LastPass does NOT ask customers to back up their vaults within the next 24 hours,” the company emphasized. “Please remember that no one at LastPass will ever ask for your master password.”
A genuine email template covers all the essentials – a presumed commitment to security, instructions on how to perform the backup, and contact methods for further questions.
However, there are some quick actions users can take before they fall victim. For example, sender addresses for the promotion include support@sr22vegas[.]com, support@lastpass[.]server8, support@lastpass[.]server7 and support@lastpass[.]server3.
LastPass promises to work with third-party partners to remove the domains it identifies, and it encourages users to report suspicious emails to [email protected].
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
