Popular password manager LastPass has warned of a social engineering campaign using fake reviews on its Chrome Web Store app page. A threat actor appears to be submitting reviews that direct customers to a fake support phone number controlled by the threat actor.
The reviews are misleadingly crafted to instill trust, aiming to attract LastPass users who may be experiencing issues. They advise contacting “LastPass online customer service,” which is neither operated nor sanctioned by LastPass. The scam kicks off when users dial this number, only to be connected with individuals impersonating LastPass representatives.
Scammers then direct victims to a website, dghelp[.]top, and instruct them to enter a code to download remote support software. The software, identified as a ConnectWise ScreenConnect agent by VirusTotal, provides the scammer with complete access to the user’s computer.
Once granted access, scammers can infiltrate sensitive files, potentially exposing personal data and financial information.
“We are working to disrupt this campaign by having the reviews removed and getting the phishing website taken down. At this time, we are only aware of these types of fake posts on the Google Chrome Web Store app page,” LastPass wrote in a blog post.
According to BleepingComputer, the number linked to the fake support scam appears to be part of a widespread campaign that targets customers of major companies, including Adobe, Facebook, Hulu, Roku, PayPal, Squarespace, and Capital One.
The fraudulent phone number linked to this scheme has been promoted in various places, including Chrome extension reviews, Reddit threads, and other content-creation platforms, the cybersecurity news site notes.
In other news, identity and access management giant Okta disclosed a vulnerability in its AD/LDAP Delegated Authentication (DelAuth) product, which allowed users to access accounts without a password if they entered a very long username—at least 52 characters—and a cached key from a previous login session was still present. This issue, which impacted only the AD/LDAP DelAuth version as of July 23, 2024, has since been patched.