LastPass, Bitwarden users targeted with fake security alerts

Jul 14, 2026 - 19:14
0 0
LastPass, Bitwarden users targeted with fake security alerts

LastPass, Bitwarden users targeted with fake security alerts

LastPass is warning users about an ongoing phishing campaign that is using fake security notices to direct them to fraudulent websites.

The phishing emails are crafted to resemble legitimate corporate communications, notifying recipients of updated security policies and directing them to a landing page that impersonates DocuSign and claiming to provide a document for review.

LastPass emphasizes that its systems have not been compromised and that the phishing emails did not originate from its infrastructure, despite the attackers using domains designed to appear as legitimate company services.

image

The emails sent from ‘[email protected]’ notify the user of alleged service policy changes in LastPass, including enhanced SaaS monitoring, master password reset options for administrators, and admin console improvements.

Malicious emailMalicious email
Source: BleepingComputer

Clicking on the ‘Review & Access Terms’ button embedded in the email takes users to a website impersonating the DocuSign service widely used for sending, signing, and managing documents electronically.

However, the domain used is lastpasscompliance[.]com, which has been flagged as malicious by Microsoft Defender for Office 365 and Cloudflare.

Fake DocuSign websiteFake DocuSign website
Source: LastPass

Although LastPass could not confirm the goal of the campaign, the company says that the fake site prompts the user to download a file claiming to support both Windows and macOS.

The site offers live support through a chat box, but it is unclear if it is functional. At the time of writing, the malicious website has been taken offline.

BleepingComputer has found that Bitwarden users are targeted by similar emails sent from '[email protected]' and redirecting them to bitwardencompliance[.]com.

Email targeting Bitwarden usersEmail targeting Bitwarden users
Source: BleepingComputer

In March, LastPass warned about fake unauthorized account access alerts impersonating the password service, targeting users with fabricated communication threads designed to increase urgency and lead to data exposure.

Earlier, in January, LastPass users were targeted by fake alerts claiming they needed to back up their vaults within 24 hours, allegedly due to upcoming system maintenance.

LastPass has cautioned users that it will never ask users for the master password and asked them to report any suspicious communications to [email protected].

Users who entered credentials on phishing sites are advised to change their master passwords immediately from a trusted device and review their vaults for suspicious activity.

article image

Test every layer before attackers do

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

What's Your Reaction?

Like Like 0
Dislike Dislike 0
Love Love 0
Funny Funny 0
Wow Wow 0
Sad Sad 0
Angry Angry 0

Comments (0)

User