A blockchain cyber security company has alerted users to the existence of a Metamask phishing scheme that targets the company’s crypto wallets.
In Thursday’s post by Luis Lubeck, technical education specialist at Halborn, it was pointed out that Metamask’s active phishing campaign uses emails to target and trick Metamask users.
Meta mask phishing scheme
The company analyzed the scam emails it received in late July and warned users about the new scam. Holborn noted that at first glance, these messages look like a KYC alert. The fake message asks users to verify their wallet in order to operate on Metamask.
According to Holborn, there are several suspicious signs in the message sent. Among these mistakes, we can mention spelling mistakes and fake email address of the sender. A fake domain called metamasks.auction has also been used to send phishing emails.
Phishing attacks are social engineering attacks that use targeted emails to trick victims into revealing more personal data or clicking on links to malicious websites that attempt to steal information. According to Holborn, another sign of the Metamask phishing scheme was the lack of personalization in the messaging. If users hover over the action button, the malicious link will redirect them to a fake website. The fake site also asks users to enter the private key of their account to access their wallet.
Recent Crypto Scams
Holborn was founded in 2019 with $90 million in capital by ethical hackers providing blockchain and cybersecurity services. In June, Holborn researchers uncovered a case where unencrypted users’ private keys were at risk of being transferred to thieves’ hard drives. In response to this issue, Meta Mask introduced the plugin version 10.11.3. Despite the plugin update, Metamask did not release any statement regarding the phishing attacks on its Twitter.
Last week, Celsius users were exposed to an email hacking attack. One of the sellers of this company announced the leak of Celsius customers’ emails. In late June, security researchers warned about a new type of malware called Luca Stealer. This malware is written in the Rust programming language and targets Web3 infrastructure such as crypto wallets. A similar malware called Mars Stealer was also released in February with the aim of stealing Metamask wallets.
What do you think about the Metamask phishing scheme? Please leave your comments in the comments section duplicate share it.