LastPass phishing email attack targeting vault master passwords

A new phishing campaign targeting users of LastPass has emerged, where attackers impersonate LastPass support emails to steal vault master passwords. The campaign, first observed around March 1, 2026, uses social engineering to convince users that suspicious activity has occurred on their accounts, such as vault exports, account recovery attempts, or the addition of a new trusted device. These fake alerts create urgency and push victims to click malicious links.

The phishing emails contain fabricated email threads that appear to show internal communication about unauthorized access. Victims are redirected through multiple links before landing on a fake login page hosted on domains like verify-lastpass[.]com, which is designed to capture their credentials. To avoid detection, attackers generate multiple versions of the URL with slight variations, allowing the phishing links to bypass some email security filters.

One of the key techniques used in this campaign is display name spoofing, where attackers change the visible sender name to something like “LastPass Support” while the actual email address belongs to an unrelated domain. This tactic is particularly effective on mobile devices, where email apps often show only the display name. LastPass has confirmed that its systems were not compromised and advises users to never share their master password via email and to report suspicious messages to their security team.
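As an added defender-side check (example code written for this page, not code from LastPass or NPAV), the Python below flags the two signals the campaign relies on: a From header whose display name claims the brand while the address sits on an unrelated domain, and a link whose host borrows the brand name (like verify-lastpass[.]com) but is not an allowlisted domain. The allowlist containing only lastpass.com and the sample message are assumptions constructed for the example.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Allowlist is an assumption for this example: lastpass.com is the vendor's own
# domain; extend it with sending domains you have verified in your own mail flow.
ALLOWED_DOMAINS = {"lastpass.com"}
BRAND = "lastpass"
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _is_allowed(host: str) -> bool:
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def sender_is_spoofed(from_header: str) -> bool:
    """Display-name spoofing: the visible name claims the brand, the address does not."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    return BRAND in name.lower() and not _is_allowed(domain)


def link_is_lookalike(url: str) -> bool:
    """Link host borrows the brand name (e.g. verify-lastpass.com) but is not allowlisted."""
    host = urlparse(url.replace("[.]", ".")).hostname or ""  # refang defanged sample URLs
    return BRAND in host.lower() and not _is_allowed(host)


def scan_message(from_header: str, body: str) -> list[str]:
    """Return human-readable findings for one message; an empty list means nothing flagged."""
    findings = []
    if sender_is_spoofed(from_header):
        findings.append(f"display-name spoofing: {from_header}")
    for url in URL_RE.findall(body):
        if link_is_lookalike(url):
            findings.append(f"lookalike link: {url}")
    return findings


if __name__ == "__main__":
    # Constructed sample modelled on the campaign described above (not a real capture).
    sample_from = '"LastPass Support" <alerts@notify-mailer.example>'
    sample_body = (
        "We detected a vault export from a new trusted device.\n"
        "Review activity: https://verify-lastpass[.]com/session/confirm?id=123\n"
    )
    for finding in scan_message(sample_from, sample_body):
        print(finding)
```

Run it on the From header and body of a quarantined message; mobile clients that show only the display name are exactly where the first check earns its keep.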


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, FraudProtector.net