Beware of Chrome Store Scams: LastPass Warns of Social Engineering Campaign

LastPass reports a new social engineering campaign targeting its users through fake reviews on the Chrome Web Store application page.

Malicious actors post fraudulent reviews on the LastPass app page, urging users to call a counterfeit number, claiming to offer technical support.

Upon calling the number, the operator inquires about the specific product issue. This is followed by a series of questions about whether LastPass is being used on a computer or mobile device, as well as the operating system version. The user is then directed to the website dghelp[.]top and encouraged to remain on the line to engage further, ultimately leading to potential compromise of personal data.

LastPass is actively removing the fake reviews and initiating the blocking of the phishing site. So far, such reviews have been found only on the LastPass application page in the Google Chrome Web Store. Notably, these reviews contain identical text, although the usernames leaving the reviews may vary.

The company reminds users that LastPass employees will never ask for their master password. For support, users should only contact LastPass through the official website. If there is any doubt regarding the authenticity of a phone number or email, it is advised to submit inquiries through the company’s official support channels and to exercise caution at all times.