Cyber criminals get on the phone for master passwords
The bad guys are coming after your master password now, and they are rather persuasive.
According to a report on Dark Reading, some LastPass users have been persuaded to hand over their master password.
Password managers
Password managers store all of a user's passwords, from social media accounts, online services, internet banking - and more.
I use a password manager myself to generate and store lengthy, random passwords. Access to it is in turn protected by a master password I memorise.
Some popular password managers are: 1Password, Bitwarden, and LastPass.
Turns out that some cyber criminals have switched to going after the master passwords of password managers.
Gunning for your master password
How it works:
- Automated call from spoofed number.
- A real person calls next.
On the call, the person with impeccable call centre manners and script will engage in conversation and offer genuine cybersecurity advice.
Calls can go over 20 minutes.
Fake support agent will eventually inform victim of an incoming email, purportedly to reset access to their password manager.
- But it's a phishing email.
- Links to copycat site under their control.
- Will talk victim through multifactor authentication.
Once in control of account, they will immediately change the password manager's phone number, email address, and master password.
Nightmare starts.
No one is immune
Nobody is immune to scammers and cybercriminals. According to the report, one victim was a retired IT professional.
This victim said: "I've gotten training my whole life to not fall for these kinds of attacks. Somehow I fell for it."
The best way to protect yourself is to stay informed, be vigilant, and please don't anyhow click on links.
Do you use a password manager? Actually, don't answer me here.