The Attack Failed, Thanks to Someone Who Listened Carefully
The attackers combined text-based social engineering with a deepfake voice, both delivered over WhatsApp. First, the employee received a string of messages purporting to come from the CEO himself [1]. Then came the voice-based stage, in which the attacker called the employee using an impersonation of the CEO's voice [2].
The attacker demanded access to certain systems or information. LastPass did not reveal the details of the request, presumably to maintain confidentiality and to avoid giving other attackers a template.
The employee recognized the attack. The decisive signals were the unusual insistence and the unusual channel: urgent work requests arriving over WhatsApp fall outside the company's normal business communication channels, and that mismatch, rather than anything about the voice itself, is what prompted the employee to stop and report it.
Why LastPass Disclosed the Incident and What This Says
LastPass chose to make the incident public even though the attempt failed. The very fact that LastPass disclosed an unsuccessful attack speaks volumes about how seriously it takes this threat [3].
The disclosure shows that deepfake CEO fraud is now being used against technology companies that hold sensitive data. LastPass, whose business is password management, is exactly such a company.
Making the incident public also serves as a reminder inside the company: this kind of attack is possible, we have faced it, be aware. The way the incident was handled suggests that LastPass has a strong internal security culture.
Relying on Human Judgment Is an Inherent Risk in Defense
Everything turned out well at LastPass. However, there is one conclusion you should not draw from this story: that training employees well enough is, by itself, sufficient protection.
Attackers know all about the weaknesses of human judgment. They know that urgency overrides critical thinking. They know that an authoritative voice creates pressure to comply with an order. They know that stress narrows the mind, limiting perception to a single channel [4].
Fortunately for LastPass, the outcome rested on a favorable coincidence: someone heard the alarm bells at the right moment and acted on them.
“Unfortunately, we became a target of a sophisticated AI attack against our employees’ phones. The attackers attempted to get access to sensitive information with the help of an AI-generated fake voice of LastPass CEO Karim Toubba. The attempt has failed. LastPass decided to report this incident in order to warn others.”
— LastPass Security Team, April 2024
How SYNHAWK Detects This Type of Attack
SYNHAWK PROTECTION: Had LastPass used SYNHAWK, HAWK 7, the audio-based foundation of SYNHAWK, would have given the employee technical confirmation during the conversation itself, rather than leaving the decision to subjective impressions. HAWK 7 would have sent the employee a notification that the voice shows signs of AI generation. No special training is needed; all that is required of the employee is the willingness to pay attention to the alert. Because detection runs in real time, the protection applies to every call, not only to those where the recipient happens to be suspicious.