Product Communities
Sign In Register

Phishing Warning on Extension

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Getting started | Community guidelines

Phishing Warning on Extension

0 Kudos

Phishing Warning on Extension

Status: New Submitted by on ‎05-20-2022 11:38 AM
2 Comments (2 New)

IMO, LastPass should have bought many of the look-alike and easily mistyped domains a long time ago. lasspass.com, laspass.com, latpass.com, lasypass,com, etc.
But since you haven't done this, the least you could do is throw a big warning via the extension when a user visits a domain like this. 
For years I have personally setup LP like websites on a similar domain for my internal team's training... sending phishing emails to their accounts with links to the bad domain... that looks like lastpass... but isn't. It's a good exercise in watching just how simple it is for someone to give away credentials to the castle. Even without email phishing, a rouge entity can setup like-domains, and people attempting to go directly to a website but mistype it, could easily wind up being detrimental.
With other checks in place for my business, and the training I provide, I am not too worried about this internally. But I do have great concern for the countless other personal use users you have that are not aware.
While password managers are great, it's comes at a huge cost as well. Everything is centralized. This is one of the easiest ways users are going to lose their stuff to hackers. You should have been on top of this a long time ago imo.

2 Comments
AshC
GoTo Moderator
GoTo Moderator
‎06-16-2022 07:03 PM
‎06-16-2022 07:03 PM
Status changed to: New

@fchamberlain752  Thanks for your feedback. 

 

Unfortunately there are many ways to create new, related sub-domains for LastPass services, so what we do is immediately move to block any new variations that we find.  Should you ever come across a new phishing attempt or have concerns with one domain that LastPass uses officially, please continue to let us know so we can take action internally. 

fchamberlain752
New Contributor
‎06-16-2022 09:02 PM
‎06-16-2022 09:02 PM

Thanks for the response.
However, it wouldn't be hard to build a small script, built into your extensions, looking for close variations in domain or sub-doman for any pages visited, and producing a warning upon a user visiting. 
This is proactive, not reactive, action on your part, and could be helping you be proactive about finding these variations as well. Just allow users to opt-in on the extension settings.

About Us
Terms of Service
NEW Privacy Policy
Trademark
© 2023 LogMeIn, Inc. All Rights Reserved