Key Findings Attackers are impersonating LastPass in an active phishing campaign that aims to steal users' master passwords. The phishing emails claim there is urgent LastPass maintenance and urge users to back up their password vaults within 24 hours. The malicious emails use subject lines referencing infrastructure updates, vault security, and missed deadlines to trick victims. The phishing links lead to an Amazon S3–hosted page that redirects to a fake LastPass site design
