LastPass Password Phishing Exploit

The LastPass password phishing exploit could trick users into giving away their password.

If you use LastPass, check out this exploit at The Hacker Blog and IT Pro. It involves unscrupulous people phishing for LastPass passwords.

Update for LastPass Password Phishing Exploit

This issue is now fixed in the latest versions of LastPass, on Chrome and Internet Explorer at least.

Phishing Email NOT From TESCO Bank

This phishing email claims to come from:

Tesco Personal Finance customerservice@consumercardservicing.tescofinance.com.

As you can see from the image of the email content below, if you click on the link:

http://www.tescobank.co.uk/1/2/TESCOCAM10;&user=% colin.ride@btinternet.com %

you will not go to a Tesco website. Look carefully and you will see that the real URL behind the embedded link is displayed above the hand pointer when it hovers over the link in the text.

Tesco Bank Phishing Email 1

In the facsimile above, the obscured paragraph reads:

During our regularly scheduled account maintenance and verification
procedures, our records show your Tesco Credit Card Account registered
to email user ” < the recipient’s email address > ” has been inactive for some days.
To securely confirm and reactivate your account please click on the link bellow:

You will in fact go to:

http://www.4gamer.es/images/tools/testes/tes1/login4.htm

This is not somewhere I’m going and I wouldn’t advise anyone to go there. You might pick up a nasty cold. It looks like a games website in Spain (the domain is “es”). I presume the page looks like a Tesco Finance log-in page. When you enter your log-in credentials, the owner of the page can save them and use them to log in to your real Tesco Finance account and play a dirty trick on you.

This email was delivered to my MS Outlook Inbox from a btinternet.com account. It wasn’t picked up by them as spam nor was it detected by Norton Internet Security, presumably because it is a new kid on the block.

I have forwarded the email to TESCO Bank for their perusal.

So now you know how to check a suspect email. Good luck and watch out.