Lastpass has recently reported a new social engineering campaign targeting its users through fake reviews on the Chrome Web Store. Attackers are posting false reviews on the Lastpass application, urging users to call a fake number for supposed technical support.
According to Lastpass, scammers are leaving reviews on the Google store, prompting users to contact a fake support number. When users call the number, the operator asks about the product the user is having difficulty with, followed by questions about the type of device and operating system being used. Users are then directed to the Dghelp.TOP website, where personal data may be compromised.
Lastpass has identified these fake reviews and is taking steps to block the malicious site. Currently, the fake reviews are only found on the Lastpass application page on the Google Chrome Web Store, with identical text but varying user names.
Lastpass reminds users that its employees will never ask for master password information. Users seeking support should only contact Lastpass through their official website. If there are any doubts about the authenticity of a phone number or email, users are encouraged to reach out through the company’s official channels and exercise caution.