Techly NewsGet the app

Get the latest tech news

LastPass users targeted in phishing attacks good enough to trick even the savvy


Campaign used email, SMS, and voice calls to trick targets into divulging master passwords.

Dubbed CryptoChameleon for its focus on cryptocurrency accounts, the kit provides all the resources needed to trick even relatively savvy people into believing the communications are legitimate. Last week, LastPass said one of its employees was targeted by a deepfake audio call designed to spoof the voice of company CEO Karim Toubba. MFA available through push notifications or one-time passwords provided by text, email, or authenticator apps are better than nothing, but as events over the past few years have demonstrated, they are themselves easily defeated in credential phishing attacks.

Get the Android app

Or read this on r/technology

Read more on:

Photo of attacks

attacks

Photo of LastPass users

LastPass users

Related news:

News photo

Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks

News photo

Exploit released for Palo Alto PAN-OS bug used in attacks, patch now

News photo

Apple stops warning of 'state-sponsored' attacks, now alerts about 'mercenary spyware' | Report claims India's government, which is accused of using Pegasus at home, was displeased - The Register

« Rents Are the Fed's 'Biggest Stumbling Block' in Taming US Inflation
Fake cheat lures gamers into spreading infostealer malware »