New phishing campaign hits LastPass, Bitwarden users – password manager customers warned against falling for this scam


  • Attackers spoof LastPass and Bitwarden with phishing emails from fake newsletter domains and trick users into signing fake DocuSign documents
  • Victims are redirected to malicious “compliance” domains flagged by Microsoft Defender and Cloudflare, which have already been taken offline
  • None of the passwords were broken; this is domain spoofing and users are encouraged to verify sender addresses and domains before clicking on links

Criminals have been found impersonating popular password managers LastPass and Bitwarden online in an attempt to trick users into sharing their login details and thus gaining access to a treasure trove of passwords and other secrets.

LastPass recently issued an alert to its customers, raising awareness of the ongoing phishing campaign.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top