LastPass on Tuesday warned of a phishing campaign that falsely claims the company is conducting maintenance and asks customers to back up their vaults in the next 24 hours, according to an alert released by the company.
LastPass said the campaign began on or about Monday, which was Martin Luther King Jr. Day, when many U.S. businesses were closed. The company emphasized the email is not a legitimate request and confirmed that customers are being targeted in a social engineering campaign.
“This campaign is designed to create a false sense of urgency, which is one of the most common and effective tactics we see in phishing attacks,” a spokesperson for LastPass said in a statement.
The spokesperson added that LastPass would never ask customers for their master passwords or demand action under a tight deadline.
The LastPass security alert includes an image of the fake backup request and also provides details of the malicious URLs, header information, IP addresses and the fake subject lines.
LastPass did not provide any details about how many customers were impacted nor did it elaborate on who may be behind the attacks. Multiple email addresses were used to target customers, according to a spokesperson.
The company said it is working with third-party partners to have the domain taken down as soon as possible.
Targeting users over holiday weekends is a common tactic designed to take advantage of reduced holiday staffing, which often delays the ability of security teams to respond to an attack.
A widely used password manager, LastPass helps corporate and individual customers protect passwords in a secure environment.
LastPass previously overhauled its internal security practices after a 2022 breach, when threat actors targeted the company’s source code.
As part of that larger overhaul, the parent company of LastPass brought in a new chief information security officer.