In a concerning development, LastPass, the well-known password management service, has notified its users about a sophisticated social engineering scam that exploits fake reviews on the Chrome Web Store. Unscrupulous hackers are posting seemingly authentic 5-star reviews for the LastPass Chrome extension, embedding them with a fraudulent customer support phone number. When unsuspecting users dial this number, they are connected to scammers impersonating LastPass representatives. These con artists listen to users’ issues and collect sensitive device information, then direct them to visit a dubious website, dghelp[.]top.
Further complicating matters, these fake support numbers appear on other platforms permitting user-generated content, spreading the risk beyond the Chrome Web Store. In response, LastPass is rigorously working to eliminate fraudulent reviews and phishing websites. The company is emphatic in its communication that it will never request users’ master passwords under any circumstance. Users are urged to seek assistance exclusively via the official LastPass website. Should anyone come across suspicious emails or phone numbers, they are advised to report them immediately to [email protected].
This situation isn’t the first cybersecurity challenge for LastPass, which faced significant breaches in 2022 that led to the exposure of customer data and source code. In the aftermath, the company has been steadfast in its efforts to rebuild trust and bolster its security protocols. Despite these incidents, LastPass remains committed to refining its defenses against evolving social engineering techniques. The company underscores the vital role of user vigilance in safeguarding cybersecurity, reminding the community that no security system is impervious without active participation from its users.