LastPass has issued a warning regarding scammers promoting a counterfeit support phone number in the reviews of its Chrome extension. These scammers aim to gain access to users’ computers and steal sensitive data.

The scammers are using 5-star reviews to promote a phone number, 805-206-2892, which is not affiliated with LastPass. Users facing any issues are urged by these reviews to call this number and when they do, the scammers impersonate LastPass support and direct them to a fraudulent website, dghelp[.]top. Callers are then asked to download a remote support program after entering a provided code. This software, reported to be a ConnectWise ScreenConnect agent by BleepingComputer, allows the scammers full access to the caller’s computer.

Once the software is downloaded, one scammer keeps the user engaged while another uses ScreenConnect in the background to install additional remote access tools and potentially steal data. The program connects to attacker-controlled servers at molatorimax[.]icu and n9back366[.]stream, previously linked to an IP address in Ukraine before being masked by Cloudflare.

This fake support number is reportedly part of a larger scam campaign targeting multiple companies beyond LastPass, like Amazon, Facebook, and PayPal. Fake support numbers have been posted on various platforms, such as company forums and Reddit, as well as in Chrome extension reviews. Many posts promoting these numbers are removed shortly after they’re published, but new ones appear frequently, making it challenging to contain the spread of the scam.

LastPass users are reminded not to share their master password with anyone, as it will grant access to all their saved passwords and any other sensitive data kept in LastPass vaults.

Android users should also ensure their LastPass app is updated, as LastPass 5.11.0.9519 was found to be vulnerable to a flaw dubbed “AutoSpill”.