A phishing campaign that began around January 19, 2026 is impersonating LastPass with fake “scheduled maintenance” emails that pressure recipients to back up their vault within 24 hours. The message tries to create urgency and looks helpful (step-by-step “how to export your vault”), but the “Create Backup Now” button leads to credential-stealing phishing pages, not any legitimate LastPass site.

LastPass and Malwarebytes both stress the core safety rule: LastPass will never ask for your master password and won’t demand immediate action on a tight deadline. The recommended defenses are straightforward: don’t click links in unexpected emails, log in by typing the official site/app yourself, and report suspicious LastPass-branded emails to abuse@lastpass.com so they can help take down the infrastructure and warn others.

Source: https://www.malwarebytes.com/blog/news/2026/01/fake-lastpass-maintenance-emails-target-users