Blockchain security firm warns of new MetaMask phishing scam
Halborn, a blockchain and cybersecurity startup, has warned of a new phishing email scam targeting users of the popular digital asset wallet MetaMask.
In a blog post, Halborn’s technical education specialist Luis Lubeck explained how the campaign is being carried out, using a sample of the phishing email the company received. Lubeck pointed out the red flags in the email that could easily be missed.
The email claims to be from MetaMask, uses its logo and references an open support ticket. However, a typo in the sender’s email address is the first telltale sign of malicious intent: the sender is "Metamax" instead of "MetaMask".
The domain name of the email address and the server used to send it are also fake and not associated with MetaMask. Likewise, the email lacks the usual personalization that is one of the hallmarks of authentic emails.
The content of the email tells the user they must comply with mandatory KYC regulations and provides guidance on how to verify their wallet. The link provided to perform the verification, however, leads to a malicious website that asks victims to enter their passphrase before redirecting them to the real MetaMask, so that the wallet can be emptied.
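The red flags described above can be checked mechanically on a raw message. The following is an added example, not code from Halborn or MetaMask; the allowlist entry metamask.io, the edit-distance threshold of 2, the greeting pattern, the function names and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRAND = "metamask"
TRUSTED_DOMAINS = ("metamask.io",)  # assumption: the recipient's own allowlist
GENERIC_GREETING = re.compile(r"^\s*(dear|hello|hi)\s+(user|customer|client)\b", re.I | re.M)

def edit_distance(a, b):  # Levenshtein distance, one dynamic-programming row
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def is_trusted(host):
    host = host.lower().split(":")[0].rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def red_flags(raw_email):
    """Return which of the article's red flags a raw message shows."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    body = "\n".join(p.get_payload(decode=True).decode(errors="replace")
                     for p in msg.walk() if p.get_content_maintype() == "text")
    flags = []
    words = re.findall(r"[a-z0-9]+", display.lower())
    if any(0 < edit_distance(w, BRAND) <= 2 for w in words):
        flags.append("lookalike-sender-name")      # e.g. "Metamax"
    claims_brand = bool(flags) or BRAND in (display + body).lower()
    if claims_brand and not is_trusted(addr.rpartition("@")[2]):
        flags.append("untrusted-sender-domain")
    if GENERIC_GREETING.search(body):
        flags.append("generic-greeting")           # no personalization
    hosts = re.findall(r"https?://([^/\s\"'<>]+)", body, re.I)
    if claims_brand and any(not is_trusted(h) for h in hosts):
        flags.append("untrusted-link")
    return flags

# Constructed sample modelled on the article's description; not the real email.
SAMPLE = """\
From: Metamax <support@metamax-help.example>
Subject: [Ticket open] Verify your wallet

Dear user,
To comply with KYC regulations, verify your MetaMask wallet:
https://verify-wallet.example/kyc
"""
```

Calling red_flags(SAMPLE) returns all four flags; a message from an allowlisted domain with a personal greeting and only allowlisted links returns an empty list.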
Lubeck concluded by advising vigilance when interacting with emails, especially when clicking links and downloading attachments.
“The best defense against phishing attacks like these is to be vigilant when receiving emails and think twice before doing anything that seems slightly unusual or potentially suspicious,” he wrote.
Social engineering phishing scams are on the rise
The latest warning comes after Halborn also discovered a security flaw in MetaMask’s online extension wallet that was patched back in June. The flaw would potentially allow hackers to extract the secret recovery phrase used by online wallets like MetaMask from the hard drive of a compromised computer under certain conditions.
In another incident in April, MetaMask warned users about a security flaw in Apple’s iCloud storage service that could potentially allow hackers to siphon their digital assets. Aside from those targeting MetaMask, digital asset phishing scams using social engineering have increased.
Founded in 2019 by ethical hackers Steve Walbroehl and Rob Behnke, Halborn says it has seen high demand for its services in the blockchain industry. Despite the market downturn, the company raised $90 million in a funding round in July, according to a Bloomberg report.