Security firm warns against phishing campaign targeting MetaMask
A cybersecurity company has issued alerts regarding a fresh phishing campaign. One that is going after users of the well-known cryptocurrency wallet – MetaMask.
The ongoing phishing campaign used emails to target MetaMask users and deceived them into disclosing their passphrase. This, according to a blog post by Halborn’s Technical Education Specialist Luis Lubeck.
To alert users to the new fraud, the company examined phishing emails it had received in late July. Halborn claimed that the email appears legitimate at first glance thanks to a MetaMask header and logo and instructions instructing users on how to comply with Know Your Customer (KYC) rules.
How to understand the red flags?
Halborn also pointed out that the letter contains several warning signs. The two most noticeable ones were misspellings and an email address that was not the sender’s. Furthermore, the phishing emails were sent through a phony domain called the meta mask auction.
Phishing attacks are social engineering attempts to steal cryptocurrencies using targeted emails. These entice victims into disclosing more personal information or clicking links to nefarious websites.
The company also pointed out that the message lacked customization – Another red flag. The malicious link to a bogus website that requests users to enter their seed phrases before forwarding to MetaMask to empty their cryptocurrency wallets is shown when the call to action button is hovered over.
Researchers from Halborn noted a situation in which a user’s private keys may be located unencrypted on a drive in a compromised computer in June. Following the discovery, MetaMask modified version 10.11.3 and later, its extension too.
Following the disclosure of client emails by a third-party vendor employee last week, Celsius users were also alerted to a phishing danger.
Cybercriminals target Metaverse with phishing scams
According to CNBC, investors from all around the U.S told CNBC that hackers misled them into visiting websites they thought were trustworthy entrances to the virtual world. These, alas, turned out to be phishing sites intended to steal user information.
As a result, the hackers took control of their metaverse property. They genuinely wanted a piece of the metaverse, a new blockchain-based virtual network of platforms that have recently become well-known thanks to significant investments from investors, fashion shows, and celebrities.Source