LastPass Alerts Users to Fake Reviews and Phishing Attempts on Chrome Web Store

In a recent blog post, LastPass has alerted its users to a deceptive social engineering campaign targeting its Chrome Web Store app page. The threat actor behind this scheme is posting fake reviews that mislead users into calling a fraudulent support number. Once connected, the caller is guided through a series of questions and directed to a phishing site, dghelp[.]top, where their data is at risk. LastPass is actively working to remove these reviews and take down the phishing site, emphasizing that legitimate support will never ask for a master password.

  • The scam involves fake reviews on the Google Chrome Web Store app page.
  • Users are directed to a fake support number and phishing site, dghelp[.]top.
  • LastPass is actively removing fake reviews and working to take down the phishing site.

The campaign exploits the trust users place in app store reviews, a common tactic in social engineering. By posing as legitimate support, the threat actor gains credibility, making it easier to deceive users. The consistent text in the reviews, despite changing usernames, suggests a coordinated effort to maintain the scam’s appearance of legitimacy.
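The signal described above (the same review text posted under changing usernames) can be checked mechanically. The following is an added example, not code from LastPass or from this newsletter; the sample reviews, usernames, phone numbers and the `min_accounts` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample reviews (not real Chrome Web Store data).
SAMPLE_REVIEWS = [
    ("alice_k", "Great app!! Locked out? Call support at 1-800-555-0100 now."),
    ("bob.77", "great app! locked out?  call support at 1 800 555 0100 now"),
    ("carol-z", "Great app. Locked out? Call support at (800) 555-0100 now!"),
    ("dave", "Autofill stopped working after the last update."),
    ("erin", "Works fine on my laptop, sync is a bit slow."),
    ("dave", "Autofill stopped working after the last update."),
]

# North American style phone numbers in common spellings.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")


def normalize(text):
    """Fold case, mask phone numbers, drop punctuation, collapse whitespace."""
    text = PHONE_RE.sub(" <phone> ", text.lower())
    text = re.sub(r"[^a-z0-9<> ]+", " ", text)
    return " ".join(text.split())


def find_coordinated_reviews(reviews, min_accounts=3):
    """Return review texts posted by at least min_accounts distinct usernames."""
    clusters = defaultdict(set)
    for user, text in reviews:
        clusters[normalize(text)].add(user)
    flagged = []
    for text, users in clusters.items():
        # One account repeating itself is not the pattern; many accounts are.
        if len(users) >= min_accounts:
            flagged.append({
                "text": text,
                "accounts": sorted(users),
                "has_phone": "<phone>" in text,  # support-number lure
            })
    return flagged


if __name__ == "__main__":
    for hit in find_coordinated_reviews(SAMPLE_REVIEWS):
        print(hit)
```

Masking the phone number before comparison keeps reviews in the same cluster even if the advertised number is rotated or reformatted.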

Despite LastPass’s efforts to mitigate the threat, challenges remain. The dynamic nature of the scam, with changing usernames and potentially evolving tactics, requires constant vigilance. Users must remain cautious and verify any suspicious communications through official channels.

Bottom line: LastPass’s proactive measures highlight the importance of user awareness in combating social engineering threats. By staying informed and cautious, users can protect themselves from scams that exploit trust and familiarity.
