A new scam is popping up in inboxes disguised as an official LastPass email. Be wary of official-looking LastPass emails telling you that your account has been compromised, or that you need to download a “security patch” to regain access to your account.

This scam is particularly dangerous because it makes use of official LastPass branding, and email addresses and links that look legitimate. However, clicking any of the links or downloading any attachments will result in malware infecting your computer and allowing the scammers to steal your information. 

If you receive one of these emails, do not click on any links and do not download any attachments. 

If you suspect that an email is fraudulent, check the Phish Bowl. Report a suspected phish with PhishAlarm. You can always consult with your IT support staff or the IT Service Desk if you’re not sure whether an email is legitimate, or if you should take the actions it recommends. 

If you believe you have been tricked into clicking a potentially dangerous link or attachment, contact Cornell's IT Security Office at itsecurity@cornell.edu. If you think your Cornell NetID has been compromised, immediately change your password, then contact the IT Security Office.

Learn how to identify suspicious emails so you can protect yourself from phishing attempts just like this LastPass scam.