AVOIDING PHISHING SCAMS

1. Never tell your LastPass master password to anyone for any reason.
   No one at LastPass will ever ask you for your master password. Not by email, phone or fax. No way. Never.
   
   
2. Always use anti-virus, anti-malware, and firewall software.
   Protect yourself on all of your devices. Make sure virus definition files are up to date.
   
   
3. Never click links in emails unless you asked for them.
   
   
4. Be suspicious of incoming emails. Make sure the sender is really who they claim to be.
   Bad guys can easily forge email signatures. An email from 'LastPass.com' may not really be from us. It's best to stay suspicious!
   
   
5. Avoid using untrusted computers or networks
   Bad guys have lots of tricks, and any computer or network you aren't familiar with could be their playground. They install stuff like keylogging, screen capture, and traffic sniffing software. So beware!
   
   
6. Don't trust anyone claiming to be from LastPass who has personal or confidential information about you.
   When you signed up for LastPass, you may have entered personal information, but we have no way of ever reading or knowing such information. The only thing we know about you is your email address.
   
   
7. Use LastPass to fill login credentials for sites you visit.
   LastPass protects you against fake-website phishing attacks by only filling your credentials to actual sites. For example, suppose your bank's website is www.mybank.com. Along comes a scammer who sets up a fake site that's identical on the surface, but with a slightly different address: www.mybank1.com. Let's say you visit the bad guy's site at www.mybank1.com and don't notice it's a fake. You're safe, because LastPass recognizes the difference for you and doesn't fill in your username and password.
   
   
8. Always click on the LastPass browser extension icon to access your LastPass vault.
   If you don't have the extension, always type the address 'lastpass.com' into your browser's address bar. Otherwise you risk visiting a site designed by bad guys to look exactly like our real site.
   
   

Example Scam #1

You receive an email that appears to be from LastPass.com informing you that your account has been compromised. The email looks real and even includes accurate personal information about you. It asks you to click a link to reset your master password.

Here's how to protect yourself:

Example Scam #2

You get a call from someone claiming to be from LastPass.com. They tell you a server has failed and your data might have been lost. They give you their own employee ID number. They know some personal information about you: your address, your social insurance number, your date of birth, your maiden name, and even your credit card number. They ask you for your LastPass master password so they can safely copy and backup your data. Without your master password, they say, your data will be lost forever.

Here's how to protect yourself:

Example Scam #3

You receive an email from Jack Haythorn at LastPass.com. He says your account has been compromised. Jack leaves you his number and extension and asks you to reach out. You call the phone number and are greeted by a receptionist saying 'LastPass.com, how may I help you?' You are soon speaking with Jack, who tells you your full address and asks you to verify your identity by providing him the last 4 digits of your credit card number. Jack explains that your account has been compromised and temporarily suspended for your protection. He says he needs your LastPass master password so he can unlock your account.

Here's how to protect yourself:

Example Scam #4

You arrive at an Internet Cafe and find that the homepage for LastPass.com is already loaded in the browser.

Here's how to protect yourself: