Unfortunately some people will fall for this. Associating the airdrop with Justin is enough to raise warning flags for a lot of us.
I don't like that Hivesigner suggests you enter a master key as that should almost never be used. Unfortunately many will not check the URL.
Stay safe.
Agreed, a key with posting privileges is all that is usually needed.
One of the things I love about password managers (I use Dashlane) is that they fill in the password for you based on the URL. If only everyone would use those, these phishing scams wouldn't work so well.
I use Lastpass and it has served me well, so I don't even mind paying for it.
I used LastPass a few months ago, but their free service became even more limited to the point that they are already pressuring free users to pay for a premium upgrade. 🕵️♂️ It is also not open-source. ☹️
A free and open source option is ideal, but I accept some compromise for my needs and I think it is worth paying for.
Bitwarden is not only FOSS, but it is cheap ($1 vs $3.50 of LastPass) and allows its users to self-host for free. 🤔 Anyway, I acknowledge that you have chosen to use LastPass for your own needs.🙂
A working password manager is well worth paying for. Any of them. I got into Dashlane while they were still an NYC startup and paid I think $80 for a lifetime license. Has saved me a lot of time ... and phishing :)
I would expect this to mutate to something similar soon. The scammer knows the community (soon) will be aware of that banner. I'm sure said scammer has even more accounts that he can abuse (and ruin) as well.
Sadly that's probably true. You have to be so careful with keys and we have to drum it into people that they never give the master key to anyone. I'm not even that keen on using Hivesigner as it tends to be awkward to use. Keychain works better for me.