A new phishing campaign is reportedly targeting holders of the cryptocurrency wallet Metamask, according to a blockchain security firm.
Malicious actors and cybercriminals are cashing in on the crypto craze and with the industry's rise in popularity comes the surge in the level of scams and other hacking incidents attacking cryptocurrency firms and investors. In a blog published last week, technical education specialist Luis Lubeck of the blockchain security firm Halborn shared the details on how sophisticated scammers target Metamask holding via a new phishing campaign.
The scam revolves around tricking users through the use of emails and making them freely give their passphrases. The email, according to Halborn, looks legitimate at a glance with Metamask's header and logo to prove its authenticity.
Wanting to learn more about what the software Metmask is for? In this video, we cover what metamask is, how safe it is, and the main purpose for using it Photo: YouTube Screenshot/Official Metamask YouTube Channel
It also comes with a message informing users to comply with Know Your Customer (KYC) regulations, as well as ways to verify their wallets. However, scrutinizing one such email led the blockchain security firm to spot multiple red flags.
The email had several spelling errors and a fake sender's email address with the domain metamaks.auction was used. Halborn also pointed out that the server used to send the email was not at all related to the genuine Metamask company.
"Finally, if we open the other properties of the email, we can see that the server used to deliver the message (unicarpentry.onmicrosoft.com) is not related to the real service," the blog noted. In the bottom part of the email was the time-sensitive Verify Your Wallet prompt, which, when clicked, will lead users to dockwo. com - a domain that is not in any way related to Metamask.
The malicious website will ask users to key in their passphrase. Halborn explained that "once the victim enters the required passphrase, they are actually redirected to the real MetaMask website, which deceives the victim into thinking that everything is in order, but the truth is that the information of their crypto wallet was already exposed and now the scammers have all the information they need to access the victim’s digital assets."
With cybercriminals getting smarter, users' best weapon against this is vigilance and caution, especially when reacting to emails. It is also helpful to use 2FA in every account and up-to-date multi-layer security solutions to be extra safe.
Metamask has over 10 million active monthly users as of August 2021, placing the company as the leading non-custodial wallet in the world.
