LastPass warns of a new phishing campaign involving death certificates and a nefarious email that demands you reply to it if you're not dead

This email is best left on read.

If you've recently been informed that a death certificate is being used to get into your LastPass account, you have fallen victim to bad actors.

LastPass, one of the most popular password manager providers, has recently posted a blog detailing a deceptive new scam that claims a death certificate has been uploaded on your behalf (via BleepingComputer). The scam claims that another family member is attempting to access your LastPass account via the death certificate, and "if you have not passed away and believe that this is a mistake, please reply to this email with STOP."

The LastPass scam email, alerting a user a family member has used a death certificate to get into their account

A bad actor getting access to your LastPass account is a particular problem, as your password manager will have access to login details, among the sites you have accounts on. Even if someone can't get your password to other sites from inside your account, they could use that to log in to other websites if you don't have two-factor authentication on.

LastPass does have two-factor authentication, though, so that's something you will want to turn on if you want an extra layer of security on pretty much any account on any website that supports it.

As always, 2FA is worth setting up. Given that you need to sign off on access to your accounts via your phone, a bad actor getting your password doesn't mean they can actually get into your account. It's a nifty tool and only takes a few moments to get up and running.

