
LastPass Warns of Scam Involving Deceased Family Members

Scammers are currently claiming that someone has uploaded a death certificate for a family member to LastPass (stock photo). Photo: TECHBOOK/ChatGPT

October 28, 2025, 2:45 pm | Read time: 2 minutes

The password manager LastPass warns of phishing attacks where criminals exploit the emergency access feature. The hackers claim that someone has uploaded a death certificate.

LastPass, a password management service, offers a feature that allows users to set up emergency access. This lets users designate who can access important digital accounts if the user dies or is absent for an extended period. However, this security measure is currently being abused by criminals.

Fake Requests as a Fraud Method

In a recent blog post, LastPass warns of a phishing campaign exploiting this feature. Criminals pretend that the user has died and send fake emails supposedly from LastPass support. The subject of these emails often reads: “Legacy Request Opened (URGENT IF YOU ARE NOT DECEASED).” The message claims that a relative has already submitted a death certificate to gain access to the passwords.

The emails are professionally crafted and include details like case number, handler ID, and a priority level to create an appearance of authenticity. Through an embedded link, recipients are directed to a fraudulent site where they are asked to enter their master password to cancel the request.
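A triage check a mail-security team could run on reported messages, as an added example that is not from the original article or from LastPass: it flags a message that uses the lure wording described above while pointing the recipient to a host outside the vendor's domain. The trusted domain `lastpass.com`, the function names and the sample message (with reserved `.example` hosts) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

TRUSTED = "lastpass.com"  # assumption: the vendor's legitimate domain
SUBJECT_LURE = re.compile(r"legacy request opened", re.I)
BODY_LURE = re.compile(r"death certificate|master password", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def on_trusted_domain(host):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def link_host(url):
    try:
        return urlsplit(url).hostname
    except ValueError:  # e.g. malformed IPv6 literal in the link
        return None

def triage(raw):
    """Check one raw RFC 5322 message against the lure described in the article."""
    msg = message_from_string(raw, policy=default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    lures = []
    if SUBJECT_LURE.search(str(msg.get("Subject", ""))):
        lures.append("subject-lure")
    if BODY_LURE.search(body):
        lures.append("body-lure")
    # From is trivially spoofable, so link targets are the stronger signal.
    sender = msg["From"].addresses if msg["From"] else ()
    sender_off = any(not on_trusted_domain(a.domain) for a in sender)
    hosts = {link_host(u) for u in URL_RE.findall(body)}
    off_links = sorted(h for h in hosts if h and not on_trusted_domain(h))
    return {"lures": lures, "sender_off_domain": sender_off,
            "off_domain_links": off_links,
            "suspicious": bool(lures) and (sender_off or bool(off_links))}

# Constructed sample: placeholder case/handler values, reserved .example hosts.
SAMPLE = """\
From: LastPass Support <support@lastpass-legacy.example>
To: user@example.org
Subject: Legacy Request Opened (URGENT IF YOU ARE NOT DECEASED)
Content-Type: text/html; charset="utf-8"

<p>A death certificate was uploaded. Case PLACEHOLDER, handler ID PLACEHOLDER.</p>
<p><a href="https://lastpass.com.cancel-request.example/login">Cancel request</a></p>
"""
```

The suffix check matters here: a host that merely begins with or contains the brand name, such as the constructed `lastpass.com.cancel-request.example`, is treated as off-domain.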

Phishing Sites and Social Engineering

To build trust, the emails also state that LastPass employees would never ask for the master password. In some cases, a phone call is part of the scenario: the perpetrators pose as LastPass support and urge the recipient to enter sensitive data.

Behind these attacks is the hacker group CryptoChameleon, also known as UNC5356. This group has previously targeted users of crypto services such as Binance and Coinbase. The same group targeted LastPass itself in 2024, using similar methods.

LastPass responded quickly and had several identified domains blocked. However, the company warns that attackers can quickly switch to other addresses. Affected individuals should report suspicious emails, texts, or calls.

Users should not click on links in suspicious messages, never disclose their master password, and activate two-factor authentication to enhance the security of their accounts.

This article is a machine translation of the original German version of TECHBOOK and has been reviewed for accuracy and quality by a native speaker. For feedback, please contact us at info@techbook.de.