Fake LastPass Emails Impersonate Password Vault Backup Alerts in New Phishing Campaign
Jan 22, 2026
LastPass has issued a warning about a new phishing campaign targeting its users with deceptive emails that urge recipients to “back up” their password vaults under the guise of an urgent maintenance alert.
According to LastPass’s Threat Intelligence, Mitigation, and Escalation (TIME) team, attackers began sending these phishing messages around January 19, 2026 — cleverly designed to look like official LastPass communications and prompt users into clicking malicious links.
What the Phishing Emails Claim
The fraudulent messages tell recipients that an infrastructure maintenance event is imminent and that they must create a local backup of their encrypted password vault within 24 hours to avoid losing access. If users follow the link, they are redirected to an illegitimate site that likely aims to harvest their LastPass master password and account credentials.
Here’s how the scam unfolds:
| Aspect | Details |
|---|---|
| Phishing Start Date | ~January 19, 2026 |
| Sender Addresses Observed | support@lastpass.server8, support@sr22vegas.com and similar variants |
| Sample Email Subjects | “LastPass Infrastructure Update: Secure Your Vault Now” |
| Attack Technique | Brand impersonation phishing that lures users to a fake “backup” page |
| Landing Domain | mail-lastpass[.]com (reported phishing site — offline at time of writing) |
| Objective | Likely credential theft, especially master passwords |
LastPass Clarifies: It’s a Scam
LastPass has explicitly stated that it will never ask customers to back up their vaults within a tight timeframe, nor will it ever request the master password in an unsolicited email.
The company also encouraged users who receive suspicious messages to report them to abuse@lastpass.com.
The attackers appear to have launched this campaign over a holiday weekend in the United States, a tactic often used by threat actors to delay detection and response due to reduced staffing.
Why This Matters
Phishing remains one of the most effective vectors for credential theft because it manipulates trust and urgency. Password managers like LastPass are high-value targets for attackers because breaching a single master password can unlock multiple stored credentials across services.
This campaign is the latest in a string of social-engineering attacks targeting LastPass users — including prior scams involving fake breach alerts and fraudulent “legacy access” notifications designed to lure users into giving up credentials.
Recommendations to Stay Safe
To minimize the risk of falling for similar scams:
Always verify the sender’s email address and domain.
Never click links in unsolicited emails that urge urgent security actions.
Navigate directly to LastPass’s official site or app for account tasks.
Enable multi-factor authentication (MFA) on your password manager account.
Report phishing attempts to LastPass and relevant abuse contacts.
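The first two recommendations above (check the sender's domain, don't trust links that mention the brand but point elsewhere) can be turned into a simple triage check, and the indicators in the table earlier on the page (sender domains such as sr22vegas.com and lastpass.server8, the landing domain mail-lastpass[.]com, the "within 24 hours" urgency) give it something concrete to test against. The following is an added example written for this article, not LastPass's or ClearPhish's code. It assumes that lastpass.com is the only domain LastPass sends from, and the two sample messages are constructed here to mirror the campaign as described; the link path "/backup" and the benign message's wording are assumptions. Findings are printed defanged so they can be pasted into a ticket safely.

```python
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Assumption for this example: LastPass sends only from lastpass.com.
LEGITIMATE_DOMAINS = {"lastpass.com"}
BRAND = "lastpass"
# Urgency phrases drawn from the campaign described in the article.
URGENCY_TERMS = ("within 24 hours", "immediately",
                 "secure your vault now", "avoid losing access")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def is_legitimate_domain(domain):
    """True if the domain is one of the real sending domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in LEGITIMATE_DOMAINS)


def is_lookalike(domain):
    """A host that mentions the brand name but is not a legitimate brand domain."""
    return BRAND in domain and not is_legitimate_domain(domain)


def defang(value):
    """Neutralise a domain so it cannot be clicked when pasted into a report."""
    return value.replace(".", "[.]")


def sender_domain(msg):
    """Lower-cased domain of the From: address, or '' if none is present."""
    addr = email.utils.parseaddr(msg.get("From", ""))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def body_text(msg):
    part = msg.get_body(preferencelist=("plain", "html"))
    return part.get_content() if part is not None else ""


def assess(raw_message):
    """Return a triage dict: sender domain, list of findings, and a suspicious flag.

    Note: a From: address on a legitimate domain is only a weak positive signal;
    it can be spoofed, so SPF/DKIM/DMARC results should be checked separately.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    dom = sender_domain(msg)
    body = body_text(msg)
    findings = []

    if not is_legitimate_domain(dom):
        findings.append(f"sender domain {defang(dom)} is not an official LastPass domain")

    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if is_lookalike(host):
            findings.append(f"link to brand-lookalike host {defang(host)}")
        elif not is_legitimate_domain(host):
            findings.append(f"link to unrelated host {defang(host)}")

    text = (msg.get("Subject", "") + " " + body).lower()
    urgency = [t for t in URGENCY_TERMS if t in text]
    if urgency:
        findings.append("urgency language: " + ", ".join(urgency))

    return {"sender_domain": dom, "findings": findings, "suspicious": bool(findings)}


# Constructed sample modelled on the campaign in the article (path is assumed).
SUSPICIOUS_EMAIL = """From: LastPass Support <support@sr22vegas.com>
To: user@example.com
Subject: LastPass Infrastructure Update: Secure Your Vault Now
Content-Type: text/plain; charset=utf-8

Due to scheduled infrastructure maintenance you must back up your vault
within 24 hours to avoid losing access. Create your backup here:
https://mail-lastpass.com/backup
"""

# Constructed benign sample for contrast (wording is an assumption).
BENIGN_EMAIL = """From: LastPass <noreply@lastpass.com>
To: user@example.com
Subject: Your monthly security summary
Content-Type: text/plain; charset=utf-8

Review your security score at https://lastpass.com/ at your convenience.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_EMAIL), ("benign", BENIGN_EMAIL)):
        result = assess(raw)
        print(f"[{label}] suspicious={result['suspicious']}")
        for finding in result["findings"]:
            print("  -", finding)
```

Against the suspicious sample the checker reports the off-brand sender domain, the lookalike link host and three urgency phrases; the benign sample produces no findings. The lookalike rule deliberately catches both patterns seen in the table, a brand name used as a subdomain label (mail-lastpass) and a brand name followed by an unexpected suffix (lastpass.server8).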
Staying vigilant is key — attackers will continue to leverage trusted brands to exploit user trust and urgency.
Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.