Jump to content
  • LastPass warns of fake support centers trying to steal customer data


    Karlston

    • 165 views
    • 3 minutes
     Share


    • 165 views
    • 3 minutes

    LastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number. However, this phone number is part of a much larger campaign to trick callers into giving scammers remote access to their computers, as discovered by BleepingComputer.

     

    LastPass is a popular password manager that utilizes a LastPass Chrome extension to generate, save, manage, and autofill website passwords.

     

    Threat actors are attempting to target a large swath of the company's user base by leaving 5-star reviews with a fake LastPass customer support number.

     

    These reviews urge users facing any problems with the app to contact the LastPass online customer service at 805-206-2892, which is not associated with the vendor.

     

    Fraudulent reviews on Chrome Web Store
    Fraudulent reviews on Chrome Web Store
    Source: LastPass

    Instead, a scammer answering the phone will impersonate LastPass and direct individuals to a site at 'dghelp[.]top' where they must enter a code to download a remote support program.

     

    Fake support site
    Fake support site
    Source: BleepingComputer

    "Individuals calling this fake support number will be greeted by an individual asking what product they are having issues with and then a series of questions regarding whether they are attempting to access LastPass via a computer or a mobile device and what operating system they are using," explains LastPass.

     

    "They will then be directed to the site dghelp[.]top while the threat actor remains on the line and attempts to get the potential victim to engage with the site, exposing their data."

     

    BleepingComputer has discovered that entering the code on this page will download a ConnectWise ScreenConnect agent [VirusTotal] that will give the scammer full access to a person's computer.

     

    Support agent signed by ConnectWise
    Support agent signed by ConnectWise
    Source: BleepingComputer

    From there, one threat actor can keep the caller engaged with questions. At the same time, another scammer uses ScreenConnect in the background to install other programs for unattended remote access, steal data, or steal data from the computer.

     

    BleepingComputer found that the ScreenConnect client will make connections to attacker-controlled servers at molatorimax[.]icu and n9back366[.]stream. Both of these sites have previously been associated with an IP address in Ukraine before being hidden behind Cloudflare.

     

    LastPass users are reminded never to share their master password with anyone, not even legitimate customer support, as this would private access to all of the passwords and data stored in LastPass vaults.

    Linked to a larger scam campaign 

    BleepingComputer has learned that the phone number associated with the fake LastPass support center is linked to a much larger campaign.

     

    The phone number, 805-206-2892, was also found promoted as a support number for numerous other companies, including Amazon, Adobe, Facebook, Hulu, YouTube TV, Peakcock TV, Verizon, Netflix, Roku, PayPal, Squarespace, Grammarly, iCloud, Ticketmaster, and Capital One.

     

    Promoted as PayPal and iCloud support numbers
    Promoted as PayPal and iCloud support numbers
    Source: BleepingComputer

    These fake support numbers are posted not only to Chrome extension reviews but also to sites that allow anyone to create content, such as company forums and Reddit.

     

    While many of these posts are taken down as they are created, others are still available, with new ones created throughout the day.

     

    Source


    Hope you enjoyed this news post.

    Thank you for appreciating my time and effort posting news every day for many years.

    2023: Over 5,800 news posts | 2024 (till end of October): 4,832 news posts

    RIP Matrix | Farewell my friend  :sadbye:


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...