Security concern with your marketing emails!


Post by everth480 » Wed Aug 21, 2019 9:54 pm

Hi LastPass!

I am very concerned about the design of the marketing emails you are sending out. This is a significant issue!
Your emails contain action links to log into my account or action links to add features etc.

This is terrible! Think about the barn door to getting user vaults hacked you are opening with this!!!

There is no bank that will send emails with links to log into your bank account - ever! Why? Because we all get very high quality fake phishing emails daily pretending to come from our bank and suggesting to us to use the embedded link to log into our account.... And you know this is part of the billion-dollar hacking fraud that is going on globally, as you will be sent to an attacker's lookalike website where you then inevitably hand over your bank password.

Now having your LastPass vault compromised by hackers could arguably be much worse than having your bank account hacked!

So after you have been sending dozens of marketing emails to your customers with links embedded to log into their accounts, it would take a normally skilled hacker not a lot of imagination on how to impersonate your company in a phishing mail. Especially if that hacker knows exactly what your emails look like because he has a LastPass account himself, as he would, in order to know exactly how you work.

So by sending your own marketing SPAM with action links to customers you are setting the stage for a significant attack on many of your customers' accounts, who by now may trust to click on the embedded links.

So please think this through very carefully what you have started there. Again: No bank worth their salt will send marketing emails or any emails to customers with action links to log into accounts - EVER!

You should at least be that safe. It is disappointing that your security awareness has not caught this and that you have a marketing arm that is acting, as it seems, without clearance from your security engineers. What's going on??

Thomas Everth
everth480
 
Posts: 1
Joined: Wed Aug 21, 2019 9:34 pm

Re: Security concern with your marketing emails!

Post by jpenny84 » Wed Aug 21, 2019 11:04 pm

everth480 wrote:
There is no bank that will send emails with links to log into your bank account - ever! Why? Because we all get very high quality fake phishing emails daily pretending to come from our bank and suggesting to us to use the embedded link to log into our account.... And you know this is part of the billion-dollar hacking fraud that is going on globally, as you will be sent to an attacker's lookalike website where you then inevitably hand over your bank password.

I checked several of my bank and credit card emails and every single one of them had embedded links that led directly to a login page. These are major institutions too, not small town credit unions. I agree that links like that are a poor security practice, but lots of banks do this, and the links aren't going away anytime soon.

Most people are going to log in to their LastPass account through the extension or application. For web logins, LastPass at least has an extended validation certificate. In addition, there is an unknown device or location verification by default in addition to any multifactor authentication to protect the account.
jpenny84
 
Posts: 8664
Joined: Tue Mar 06, 2012 9:10 pm

