I call this attack LostPass. The code is available via Github. LostPass works because LastPass displays messages in the browser that attackers can fake. Users can’t tell the difference between a fake LostPass message and the real thing because there is no difference.

Read More

Advertisements