Showing results for 
Search instead for 
Did you mean: 
New Contributor

Whoa... real security flaw, no? Auto-login to phishing scam

Is it me and my settings?


Twice this week, I guess my friends' FB accounts got hacked because I got a "look at this video" sent to me and when I click it, it takes me to what looks like a FB login.  Since Lastpass offered to auto-fill, I went ahead without much thought.  I quickly realized I got phished and I changed all my passwords.  Then it happened again!  This time I didn't fall for it, and instead grabbed a screenshot.  But why is lastpass offering to fill in facebook (and oddly amazon) logins for a clearly non-facebook (or amazon) domain?


image (2).jpg

GoTo Manager

Re: Whoa... real security flaw, no? Auto-login to phishing scam

Hi @bcsteeve,


Could you please click on my profile and private message me the link you are being sent? 


Glenn is a member of the GoTo Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!.

Free new user and admin training
New Contributor

Re: Whoa... real security flaw, no? Auto-login to phishing scam

The first time I clicked the link, it went straight there and ended up at the phishing site (I think

But this time it stopped and warns me first. It shows as but when I copy the link it is this:

I'm sorry I can no longer copy the link when it didn't warn the user first.

It is concerning to me that LastPass presented a Facebook login option on a 3rd party site. It is also showing my Amazon options... which makes me wonder if it is my settings somehow?
New Member

Re: Whoa... real security flaw, no? Auto-login to phishing scam

Subject: LastPass autofill for phishing scams


I'm sorry to hear that you and your friends have been targeted by phishing scams. It's important to be aware of the risks associated with clicking on links in emails and text messages, even if they come from people you know.

As for why LastPass offered to autofill your Facebook and Amazon logins for a non-Facebook and non-Amazon domain, it's possible that the phishing website was using a technique called domain spoofing. Domain spoofing is a type of phishing attack where the attacker creates a website that looks like a legitimate website, but with a slightly different domain name. For example, the attacker might create a website called "facebook. com. example" instead of "facebook. com".

LastPass uses a variety of factors to determine whether to autofill login credentials for a website, including the domain name. However, if the phishing website is using domain spoofing, LastPass may not be able to tell that it's not a legitimate website.

To protect yourself from phishing scams, it's important to be vigilant and to verify the identity of a website before you enter your login credentials. Here are a few tips:

  • Never click on links in emails or text messages, even if they come from people you know. Instead, go to the website directly by typing the URL into your browser.
  • Be suspicious of any website that asks you for your login credentials, especially if it's a website that you don't normally visit.
  • Check the domain name of the website carefully. Make sure that it's the correct domain name for the website you're trying to visit.
  • Look for signs that the website is fake, such as poor grammar and spelling, or images that look blurry or distorted.

If you're ever unsure whether a website is legitimate, it's best to err on the side of caution and not enter your login credentials.

Medical billing for palliative care in Texas