LastPass Warns of Deepfake Phishing Attempt

LastPass has warned that one of its employees was targeted by a social engineering attack that used an audio deepfake that impersonated the company’s CEO.
Fortunately, the employee grew suspicious and avoided falling for the attack.
Mike Kosak, Senior Principal Intelligence Analyst at LastPass, explained in a blog post, “In our case, an employee received a series of calls, texts, and at least one voicemail featuring an audio deepfake from a threat actor impersonating our CEO via WhatsApp.
As the attempted communication was outside of normal business communication channels and due to the employee’s suspicion regarding the presence of many of the hallmarks of a social engineering attempt (such as forced urgency), our employee rightly ignored the messages and reported the incident to our internal security team so that we could take steps to both mitigate the threat and raise awareness of the tactic both internally and externally.”
LastPass warns that the technology to create deepfakes is now widely available, so these types of attacks will likely continue to increase. Increasing awareness of these techniques is a crucial defense against these attacks.
“Deepfakes use generative artificial intelligence to leverage existing audio and/or visual samples to create a new and unique recording of a targeted individual saying or doing whatever the creator has programmed the deepfake tool to fabricate,” LastPass says.
“Deepfakes are often associated with political misinformation and disinformation campaigns, but the combination of the increased quality of deepfakes and the increased availability of the technology used to create them (there are now numerous sites and apps openly available that allow just about anyone to easily create a deepfake) has long been a concern of the private sector as well.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
LastPass has the story.
Free Phishing Security Test
Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here’s how it works:
- Immediately start your test for up to 100 users (no need to talk to anyone)
- Select from 20+ languages and customize the phishing test template based on your environment
- Choose the landing page your users see after they click
- Show users which red flags they missed, or a 404 page
- Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
- See how your organization compares to others in your industry
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW