LastPass Alerts Users to New Phishing Campaign Targeting Master Passwords

By Tina Reynolds

LastPass – one of the leading password management services around – is sounding the alarm. Starting January 19, 2026, new phishing emails will begin to appear, and users should be on the lookout. This new campaign tries to trick users into giving up their master passwords by falsely announcing upcoming maintenance. LastPass stresses that it will never ask users to provide their master password or set short deadlines to comply.

In the phishing operation, crooks target schools with emails marked as urgent. They give recipients only 24 hours to establish a local backup of their password vaults. Users who fall for the ruse are directed to a phishing site designed to mimic LastPass, with the URL “group-content-gen2.s3.eu-west-3.amazonaws.com/5yaVgx51ZzGf.” This site then redirects users to another domain, “mail-lastpass.com,” which makes the lure look more convincing.
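The two URLs above show a pattern a mail filter can check for: a lure page on shared cloud storage and a hyphenated lookalike domain. The following added example, which is not from LastPass or the original article, classifies links found in a LastPass-branded email; treating lastpass.com as the only official domain, the shared-hosting list, and all function names are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: lastpass.com is the only domain treated as official here.
OFFICIAL_DOMAINS = ("lastpass.com",)
BRAND_TOKEN = "lastpass"
# Assumption: short, non-exhaustive list of shared hosting suffixes.
SHARED_HOSTING = ("amazonaws.com",)


def host_of(url):
    """Return the lower-cased hostname, or "" if the URL cannot be parsed."""
    if "://" not in url:          # indicators are often written without a scheme
        url = "https://" + url
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""


def is_under(host, domain):
    """True only for the domain itself or a real subdomain (dot boundary)."""
    return host == domain or host.endswith("." + domain)


def classify_link(url):
    host = host_of(url)
    if not host:
        return "unparseable"
    if any(is_under(host, d) for d in OFFICIAL_DOMAINS):
        return "official"
    if BRAND_TOKEN in host:       # brand name on someone else's domain
        return "lookalike"
    if any(is_under(host, d) for d in SHARED_HOSTING):
        return "shared-hosting"   # anyone can publish a page here
    return "other"


def suspicious_links(urls):
    """Links a LastPass-branded email should not contain."""
    return [u for u in urls if classify_link(u) in ("lookalike", "shared-hosting")]


if __name__ == "__main__":
    # First two values are quoted in the article; the rest are constructed.
    sample = [
        "group-content-gen2.s3.eu-west-3.amazonaws.com/5yaVgx51ZzGf",
        "mail-lastpass.com",
        "https://lastpass.com/",
        "https://lastpass.com.login.example/vault",
    ]
    for link in sample:
        print(f"{classify_link(link):15} {link}")
```

The dot-boundary check in `is_under` is what keeps `mail-lastpass.com` and `lastpass.com.login.example` from passing as official; the check does not cover homoglyph or punycode hostnames.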

Nature of the Phishing Campaign

The phishing emails exploit a common tactic in cyber scams: creating a false sense of urgency. This approach aims to trick users into acting quickly without thinking, which puts their security at risk.

“This campaign is designed to create a false sense of urgency, which is one of the most common and effective tactics we see in phishing attacks,” stated a spokesperson for the Threat Intelligence, Mitigation, and Escalation (TIME) team at LastPass. The company has seen these same tactics used in other campaigns, which shows there’s a pattern in the way these threats are released.

LastPass is continuing to work with its third-party partners to take down the malicious infrastructure that drives this campaign. After the bad URLs used in earlier attacks were removed, the attackers adapted almost immediately, setting up new URLs to keep the campaign going.

Ongoing Security Concerns

Besides the deceptive phishing emails, LastPass has warned users about an information-stealing campaign that has been actively targeting anyone using Apple macOS. This campaign uses fraudulent GitHub repositories to install malware-ridden programs masquerading as LastPass and other popular software apps.

In response, the company has stayed a step ahead in warning about these threats. It first warned users of the information-stealing campaign almost six months ago. As security threats continue to change, LastPass is dedicated to teaching its millions of users how to identify and steer clear of these scams.

“We want customers and the broader security community to be aware that LastPass will never ask for their master password or demand immediate action under a tight deadline.” – LastPass