Fake LastPass iPhone app scam — what you need to know


Even though you may have downloaded them from an official app store, fake apps can lead to all sorts of problems, from fraudulent charges to malware being downloaded onto your smartphone. But what if the fake app in question is impersonating one of the best password managers?

In a blog post on its site, LastPass is warning users that a fake app is impersonating the popular password manager on the Apple App Store. The app in question tries to copy LastPass’ official app down to a T by using the company’s branding and mimicking its user interface.

However, if you look closely enough, you’ll notice that the fake app is called “LassPass” and not “LastPass”. Unfortunately, because of the way our brains are wired to read, unsuspecting LastPass users may have accidentally downloaded this fake app. The reason is that its name plays on typoglycemia, the phenomenon in which we still read a word correctly when its first and last letters are correct but the letters in between are wrong.

Fortunately, this fake “LassPass” app has now been removed from the App Store, but if you did download it and tried to log into your account, you could be in trouble. Here’s everything you need to know, along with some steps on how to avoid falling for fake apps in the first place.

The worst kind of fake app

Other fake apps can’t do nearly the amount of damage that one impersonating a password manager can. This is because a password manager is used to store all of your credentials across a wide variety of sites and online services.

At the moment though, we don’t know whether or not this fake “LassPass” app — developed by Parvati Patel with a privacy policy hosted at blunee[.]com — was able to steal the login credentials or master passwords of LastPass users. If it was though, this could have serious implications for any LastPass user that accidentally downloaded it.

With your master password in hand, the creators of the app could access your LastPass password vault and, from there, gain access to all of the credentials you’ve stored within it. They could then lock you out of your social media accounts and, worse, drain your bank accounts.

If you did happen to download this fake LastPass app, then you’re going to need to change all of your passwords ASAP. If you still have access to the password manager, you’re in luck as it includes the ability to automatically change many of your passwords. If you don’t though, you’re going to have to do this manually which can be a tedious and time-consuming process. Still though, it beats losing access to all of your online accounts.

How to spot fake apps on the App Store


Despite Apple and Google’s best efforts, fake apps impersonating popular brands do manage to slip through the cracks from time to time. This is why, even if you’re looking for new apps on an official app store, you still need to be able to spot a fake.

In this case, a simple examination of the app’s name would have done the trick since LastPass was spelled incorrectly. However, sometimes hackers, cybercriminals and scammers use foreign alphabets to make their fake apps — and websites — appear more legitimate. When this happens, you want to scroll all the way down on an app’s listing page and look for developer info on the Google Play Store or the seller info on the App Store.

The actual LastPass app is developed and distributed by LogMeIn, Inc, while the fake one had Parvati Patel listed as its creator. This is a major red flag and a sign that you should avoid an app entirely. Normally, apps have the name of the company that developed them listed on the app store, which is why the name of an individual developer stands out like a sore thumb.

If you’re worried about fake apps on any official app store, you can always go to a company’s official website and then head to their app store listing from there. Just be careful on Google Search though as scammers like to impersonate big brands by buying ads on the search engine. For this reason, you should always scroll down past the sponsored results until you find the real ones. Most businesses have a direct link to their apps on their sites and if you’re concerned you might not be able to spot a fake, this is the best course of action to take when installing new apps.

Another thing you want to look out for is ratings. While the actual LastPass app has over 52 thousand ratings, the fake LassPass app only had one five-star rating. At the same time, you also want to check any user reviews, as people are quick to point out when they’ve been scammed by a fake or malicious app.
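
The checks described in this section (the app's name, its developer or seller, and its number of ratings) can also be run automatically against a store listing. The Python below is an added example, not code from LastPass, Apple or Tom's Guide. The listing fields, the flag names and the thresholds (`max_edits`, `min_rating_ratio`) are assumptions, and 52000 stands in for "over 52 thousand".

```python
import unicodedata

# Official listing as described in the article; 52000 stands in for "over 52 thousand".
OFFICIAL = {"name": "LastPass", "seller": "LogMeIn, Inc", "ratings": 52000}
# The fake listing as the article reports it.
FAKE = {"name": "LassPass", "seller": "Parvati Patel", "ratings": 1}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def scripts(text):
    """Scripts of the letters in text, taken from the first word of each Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def red_flags(listing, official=OFFICIAL, max_edits=2, min_rating_ratio=0.01):
    """Return the reasons a store listing looks like a copy of the official one."""
    name, brand = listing["name"].casefold(), official["name"].casefold()
    distance = edit_distance(name, brand)
    if distance > max_edits:
        return []  # name is nowhere near the brand, so it is not a lookalike
    flags = []
    if distance:
        flags.append("near-miss-name")
        if name[0] == brand[0] and name[-1] == brand[-1]:
            flags.append("same-first-and-last-letter")  # the typoglycemia trick
    if scripts(listing["name"]) - {"LATIN"}:
        flags.append("non-latin-letters")  # lookalike characters from another alphabet
    if listing["seller"] != official["seller"]:
        flags.append("seller-mismatch")
    if listing["ratings"] < official["ratings"] * min_rating_ratio:
        flags.append("few-ratings")
    return flags

if __name__ == "__main__":
    print(red_flags(FAKE))
```

A listing that uses the exact brand name but a different seller is still flagged, because the seller and ratings checks run whenever the name is within `max_edits` of the brand.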

The fake LastPass app has now been removed from the App Store, but Tom’s Guide has reached out to Apple to learn more about how this happened in the first place. We’ll update this story if and when we hear back from the iPhone maker.


Anthony Spadafora
Senior Editor Security and Networking
