Posted by - April 18, 2024

Details of the Attack

In a recent blog post, LastPass revealed the details of an attempted AI driven scam. An employee received multiple WhatsApp communications, including calls, texts, and a voice message, purportedly from the company’s CEO, Karim Toubba.

Recognizing the communication as unusual and potentially fraudulent, they promptly reported it to the internal security team, preventing any compromise of sensitive information.

Utilizing AI voice-cloning technology, scammers attempted to manipulate trust and exploit vulnerabilities within the company. Fortunately, LastPass’s emphasis on employee awareness and a culture of security enabled swift detection and response.

Deepfake Scams on the Rise

As LastPass noted in their blog post, such attacks are becoming increasingly prevalent. The use of deepfake technology, as seen in a recent $25 million scam in Hong Kong, underscores the potential consequences of these sophisticated tactics.

The aftermath of the 2022 breach has undoubtedly left LastPass employees on edge regarding potential security risks. However, the recent thwarted scam demonstrates the importance of skepticism and critical thinking in mitigating such threats.

Lessons Learned

LastPass’s experience serves as a cautionary tale for security startups and established organizations alike. In an era of evolving cyber threats and sophisticated scams, maintaining a proactive approach to security is paramount. By fostering a culture of security awareness and leveraging advanced technologies, organizations can defend against AI-driven scammers and safeguard sensitive information effectively.

Wary of vulnerabilities in your network? Claim your free consultation today by calling 703-790-0400 or emailing

Leave a Reply

Your email address will not be published. Required fields are marked *