A New #Phishing Email Targets Metamask Users

I admit that I had to look this up, but Metmask as defined by Wikipedia as follows:

MetaMask is a software cryptocurrency wallet used to interact with the Ethereum blockchain. It allows users to access their Ethereum wallet through a browser extension or mobile app, which can then be used to interact with decentralized applications. MetaMask is developed by ConsenSys Software Inc., a blockchain software company focusing on Ethereum-based tools and infrastructure.

And it seems that there’s a phishing email that is targeting Metamask users that looks like this:

Now unlike most phishing emails that I come across, the English is actually decent and may pull you in. But if you look at the email address that this phishing email, it should make you think twice:

This clearly didn’t come from Metamask as I would expect their email addresses to be from metamask.io. Speaking of which, there’s a link below from metamask.io. That’s legit right? Actually it’s not. It’s hiding another URL which you can see here:

Now this is a technique that’s used by the more sophisticated email phishing operators to fool you into thinking that this email is legitimate. I am guessing that the operator behind this felt that they had to up their game as people who hold crypto are more likely to be tech savvy. Thus they’re less likely to fall for the sort of phishing emails that grab the average person. So you’re given the option of using a secret recovery phrase or a private key to “keep your wallet secure”. Both provide a vector for accessing your blockchain assets. This article describes the differences between the two, but here’s the thing to remember: Nobody can get access to your crypto without one or the other. That’s what this #phishing email is about which is to steal your crypto. I’m going to stop here because it’s pretty clear what the operator’s game is. But I will be warning Metamask about this so that they can keep users of their crypto wallets safe.

Leave a Reply

%d bloggers like this: