Security apps have become increasingly essential for authentication, protecting user accounts from dangerous cyberattacks. However, these apps are also prime targets for scammers. Recently, cybersecurity company LastPass in the United States issued a warning about phishing scams targeting security apps. Hackers are impersonating customer support staff to trick users into downloading malicious apps, which then attack devices and steal sensitive personal information.

Beware of phishing scams impersonating customer support staff

Scammers are attempting to reach LastPass users by leaving fake comments and reviews with misleading information. They impersonate customer support staff and provide a phone number as a means of official support contact, leading users to trust them and reach out for assistance with the LastPass app. Once the victim contacts the provided phone number, they are immediately sent a link to a fake app and instructed to download it to fix issues with the LastPass app. Trusting and unaware, many users download the fake app via the link, unaware that it contains malware designed to monitor and remotely control their device, steal important accounts, and take control of the device.

With this impersonation scam, attackers can strike anytime and anywhere. The consequences can be severe, including loss of assets, loss of control, or exposure of sensitive data and personal information. Once they have control of accounts and devices, the scammers can carry out unauthorized transactions without notifying the victim. Additionally, they can replicate actions and steal important information, selling it to external parties, which damages the victim's reputation and trustworthiness. 

How to prevent phishing scams and impersonation attacks

In response to the increasingly sophisticated phishing tactics, HPT's cybersecurity experts have provided recommendations for users to follow in order to prevent and minimize potential cybersecurity risks.

Increase awareness and be cautious

Scam tactics are continuously evolving and becoming more sophisticated, making them harder to detect. Users need to stay alert to these fraudulent schemes and regularly update themselves with the latest news from HPT to learn how to protect themselves from new scam tactics.

Do not click on suspicious links

Users should avoid accessing applications or any unfamiliar links from websites, emails, or messages from unreliable sources. This helps prevent falling victim to scams that could lead to information theft.

Enhance security with YubiKey

YubiKey is a physical security key with high security, supporting two-factor authentication and passwordless login, preventing phishing attacks and password theft. YubiKey ensures that only the owner of the security key can access your account, providing maximum protection for user accounts.