LastPass Clients, Watch Out For This Phishing Scheme


I, along with many, many others, was affected by several of LastPass’s data breaches. So, earlier this year, I shifted over to another product.

So, when I saw this in my email the other day, my suspicions were raised.

Besides no longer being a LastPass customer, the sender’s email was a huge red flag.

Ah, there’s a link! What I always recommend people do in these circumstances is hover over links in email. In the lower left-hand corner, you can see the actual link. *Note: this is not a LastPass site.

I’m quite confident that these hackers got my information from the dark web, but found that I’ve changed all my passwords, as well as shifted away from LastPass. It’s a rather convincing email phishing for information.

So, I wanted to share this for a few reasons. Mainly, for my fellow LastPass breachees, watch for these sorts of scams. Hackers can use information in multiple ways, not just with accessing your sites with stolen credentials. Also, there are some good tools to use in any suspicious email. My main advice: never click on a link unless you’re 100% certain it’s valid. Reach out to the sender via phone/text if you’re in doubt.

Anyway, be wary, my friends. If you’ve ever been part of a data breach (is there anyone who hasn’t?), expect that the information collected will be used against you.

Microsoft Security Issue


Over the past few days, I’ve been receiving multiple emails from Microsoft’s Account Team with single-use codes. At first, I assumed that my son or wife was trying to access the account. And the folks at Microsoft added the text “If you didn’t request this code, you can safely ignore this email. Someone else might have typed your email address by mistake.” But I started to get concerned as the number of these messages increased and no one said “hey dad, I can’t get in the Office”. Finally, I decided it was time to figure out what was going on.

So, I first logged into my Microsoft account (account.microsoft.com) and went to the security panel. From there I opened “View My Activity”.

What I saw alarmed me. There were multiple attempts to log in from places like Vietnam and Guyana.

Now, I was pretty confident in my account’s security. I update my password regularly and use a strong password. And when I looked at the “session activity” it states that “incorrect password entered”. Which seems pretty solid. I’m pretty sure that an old password has been leaked from a data breach and is in some list available on the dark web.

But I think it’s not adequate. Exploring further, I realized that I had not yet enabled two-factor authentication, nor connected it to my authentication app. So, I fixed that promptly. I firmly believe everyone really should do these steps for all their accounts. Do you know where to do that? I thought I’d help out by adding the steps.

One enables that from the Advanced security panel.

I encourage all of you to make sure your security settings are using the most up-to-date protocols:

  • Multifactor authentication
  • Authentication Apps
  • Pass Keys

Also, I opted to sign out of EVERY app. Yeah, it’s a bit of a pain, but I don’t want to have my information compromised. I like that I can do that from the control panel.

Anyway, we really can’t be too safe on today’s internet, can we?

Have you seen a spike in Microsoft Single Use Code emails that are not from you? Let me know in the comments.

Oh, Lord…LastPass

I’ve used LastPass for several years now. Even through a couple of data breaches. But this latest saga, especially with the, *ahem*, lack of transparency in their communications, eroded my trust in the app. After looking over several options (if you’re looking, check out PCMag’s list of Best Password Managers), I opted for NordPass.

With all that, yesterday, this video came into my YouTube feed:

If you’re still on LastPass, why!?

It’s a rather snarky rendition of how LastPass failed in their security controls. Anyway, it reminded me of my frustrations with them. I was willing to turn a blind eye to many of their issues due to, well, laziness. Porting to a new provider was going to be a pain in the…you know. However, a friend of mine’s information was released in this hack, and it was brutal. This was the tipping point for me, watching the impact of this for a friend’s business.

This finally motivated me to shift to NordPass. It turned out that the transition was nowhere near as hard as I imagined. So, so far, I find the tool works fine and have no problem recommending them. It’s only based on a few weeks of experience, though. I’ll keep exploring it further.

Anyway, I hope you have great weekend plans.