New phishing campaign affects LastPass and Bitwarden users: Password manager customers are warned not to fall for this scam



  • Attackers are spoofing LastPass and Bitwarden with phishing emails from fake newsletter domains, tricking users into signing fake DocuSign documents.
  • Victims are redirected to malicious “enforcement” domains flagged by Microsoft Defender and Cloudflare, which are already offline.
  • None of the password managers were breached; This is domain spoofing and users are urged to verify sender addresses and domains before clicking on links.

Criminals have been found impersonating popular online password managers LastPass and Bitwarden in an attempt to trick users into sharing their login credentials to gain access to a trove of passwords and other secrets.

LastPass recently issued a warning to its customers, raising awareness about the ongoing phishing campaign.

Leave a Comment

Your email address will not be published. Required fields are marked *