LastPass Warns of Deepfake Phishing Attempt

LastPass Warns Deepfake Phishing

Password Manager software developer LastPass warned that one of its employees was targeted by a social engineering attack that used an audio deepfake which impersonated the company’s CEO.

Fortunately, the (trained) employee grew suspicious and avoided falling for the attack. You can count on the fact that other password manager software companies are attacked as well. 

Mike Kosak, Senior Principal Intelligence Analyst at LastPass, explained in a blog post, “In our case, an employee received a series of calls, texts, and at least one voicemail featuring an audio deepfake from a threat actor impersonating our CEO via WhatsApp.

As the attempted communication was outside of normal business communication channels and due to the employee’s suspicion regarding the presence of many of the hallmarks of a social engineering attempt (such as forced urgency), our employee rightly ignored the messages and reported the incident to our internal security team so that we could take steps to both mitigate the threat and raise awareness of the tactic both internally and externally.”

LastPass warns that the technology to create deepfakes is now widely available, so these types of attacks will likely continue to increase. Increasing awareness of these techniques is a crucial defense against these attacks.

“Deepfakes use generative artificial intelligence to leverage existing audio and/or visual samples to create a new and unique recording of a targeted individual saying or doing whatever the creator has programmed the deepfake tool to fabricate,” LastPass says.

“Deepfakes are often associated with political misinformation and disinformation campaigns, but the combination of the increased quality of deepfakes and the increased availability of the technology used to create them (there are now numerous sites and apps openly available that allow just about anyone to easily create a deepfake) has long been a concern of the private sector as well.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

LastPass has the story.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews