cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
New Contributor

Whoa... real security flaw, no? Auto-login to phishing scam

Is it me and my settings?

 

Twice this week, I guess my friends' FB accounts got hacked because I got a "look at this video" sent to me and when I click it, it takes me to what looks like a FB login.  Since Lastpass offered to auto-fill, I went ahead without much thought.  I quickly realized I got phished and I changed all my passwords.  Then it happened again!  This time I didn't fall for it, and instead grabbed a screenshot.  But why is lastpass offering to fill in facebook (and oddly amazon) logins for a clearly non-facebook (or amazon) domain?

 

image (2).jpg

2 REPLIES 2
Highlighted
LogMeIn Manager

Re: Whoa... real security flaw, no? Auto-login to phishing scam

Hi @bcsteeve,

 

Could you please click on my profile and private message me the link you are being sent? 

 

Glenn is a member of the LogMeIn Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!
Highlighted
New Contributor

Re: Whoa... real security flaw, no? Auto-login to phishing scam

The first time I clicked the link, it went straight there and ended up at the phishing site (I think
https://admiring-bassi-4e3aa6.netlify.app/)

But this time it stopped and warns me first. It shows as https://ya.co.ve/pQY but when I copy the link it is this:

https://m.facebook.com/flx/warn/?u=https%3A%2F%2Fya.co.ve%2FpQY&h=AT1wHMDHWjPP_YdRLpPKndidMKLAgHOwBa...

I'm sorry I can no longer copy the link when it didn't warn the user first.

It is concerning to me that LastPass presented a Facebook login option on a 3rd party site. It is also showing my Amazon options... which makes me wonder if it is my settings somehow?