Remembering hundreds of strong passwords is practically impossible unless you are some kind of scientist. What to do? Access keys are a great alternative, but they are far from universal, so some kind of password management system is practically necessary. But a password manager puts all your passwords behind a single point of failure, which can make it a target for hackers. This is currently happening with LastPass and Bitwarden.
According to a BleepingComputer report, a major phishing campaign is targeting both of these popular cross-platform password management systems. LastPass has confirmed a campaign that is sending out mass emails claiming that the password managers have been hacked and that the companies are sending out new desktop programs to improve security. For the record, it appears that neither LastPass nor Bitwarden has been hacked as of this writing (at least not recently). These are fake messages trying to get you to install a remote access program, presumably to steal your data.
Interestingly, the massive phishing campaign uses a legitimate remote access tool, Syncro (an alternative to programs like LogMeIn or Windows Remote Desktop), hidden in a malicious download. BleepingComputer also reports an apparently separate 1Password phishing campaign that began last week. Cloudflare has blocked access to at least some of the links in these emails.
Remember: if a message lands in your inbox saying you need to download something or log in to confirm, double-check the sender's email address and never click the links in the message. Browse to the company's public web page to verify, and log in manually through a separate window, browser, or even device.