Scams using cryptocurrency have been around for a long time. Cybercriminals entice victims with free transfers, bitcoin giveaways, other people’s credentials, and rare mining equipment in the hope of getting at the cryptocurrency in their wallets. Today, we’ll take a look at yet another fraudulent operation, this one aimed at MetaMask cryptowallet users.
What exactly is MetaMask?
MetaMask is an Ethereum wallet that supports all forms of Ethereum-based tokens (both regular and non-fungible ones, aka NFTs). The wallet is available as a desktop browser extension for Google Chrome, Firefox, Microsoft Edge, and Brave, as well as mobile apps for iOS and Android. On a decentralised network, MetaMask may be used to make purchases as well as produce and monetize content.
Access is protected by a user password created at registration, by a private key generated by the app that consists of 64 alphanumeric characters, and by a seed phrase: a string of 12 (less frequently 24) words.
While virtually all cryptowallet users are aware that the password and private key should not be shared with others, some, particularly cryptocurrency newcomers, overlook the need to keep the seed phrase confidential. Keep in mind that the seed phrase is simply a verbal representation of the private key, allowing you to regain account access. To put it another way, if someone obtains your seed phrase, they will be able to get into your account and take your cryptocurrency. That is why scammers are after it.
Threatening to block your account through e-mail
The fraud begins with a bulk e-mail that uses one of hackers’ favourite psychological tricks: intimidation. Victims are threatened with having their MetaMask accounts terminated unless they promptly verify them.
To make the message more believable, the fraudsters include the company’s name and logo and present the sender as the support service. Only a closer look at the sender’s e-mail address raises suspicion.
The first clue that the message is fake is the misspelled company name in the e-mail address (metamasks instead of metamask). The domain (the part of the address after the @ sign) is another warning flag. Reputable companies use their own name as the domain, as in account-security-noreply@microsoft.com. In this case, however, the domain has no connection to MetaMask. Finally, the .de suffix shows that the address is registered in Germany, which is odd given that MetaMask is based in the United States.
The fraudsters ask their victim to click on a link in the e-mail to verify the account. The link does not inspire confidence either: its domain is wrong, padded with additional words and unrelated brand names, which plainly indicates that something is amiss with the message.
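The three sender-address checks described above (misspelled brand name, domain unrelated to the brand, unexpected country suffix) can be automated. The following is an added example, not code from the original article; the trusted domain metamask.io and the sample headers are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

BRAND = "metamask"
TRUSTED_DOMAINS = {"metamask.io"}  # assumption: the brand's own mail domain(s)

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_red_flags(from_header):
    """Return the warning signs found in a From: header (empty list if none)."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    # Exact match or a true subdomain only; "metamask.io.example.org" fails.
    if any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS):
        return []
    tokens = [t for t in re.split(r"[^a-z0-9]+", f"{local} {domain}") if t]
    lookalike = any(0 < edit_distance(t, BRAND) <= 2 for t in tokens)
    # Only judge mail that presents itself as coming from the brand.
    if not (lookalike or BRAND in display.lower() or BRAND in addr.lower()):
        return []
    flags = ["domain-not-owned-by-brand"]
    if lookalike:
        flags.append("misspelled-brand-name")
    trusted_tlds = {d.rsplit(".", 1)[-1] for d in TRUSTED_DOMAINS}
    if domain.rsplit(".", 1)[-1] not in trusted_tlds:
        flags.append("unexpected-tld")
    return flags

# Constructed sample headers; the .de address is a placeholder, not the scam's real one.
SAMPLES = [
    "MetaMask Support <metamasks@unrelated-domain-placeholder.de>",
    "MetaMask <support@metamask.io.example.org>",
    "MetaMask <support@metamask.io>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", sender_red_flags(header) or "no red flags")
```

The From: header can be forged, so an empty result only means the visible address shows none of these signs; it does not prove the message is genuine.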
Start with the seed.
If the victim ignores these warning indications and clicks on the link, they will be led to a phoney login page that looks identical to the legitimate MetaMask website.
The scammers ask the victim to fill out a form with their seed phrase, supposedly to unlock the wallet. If the user enters the secret phrase, they are redirected to the actual MetaMask site, but their wallet is now in the hands of cybercriminals.
How to Keep Your Money Safe
Attackers are continuously devising new and more complex methods of scamming cryptocurrency investors. Most scams, however, carry telltale signs, and following these simple security guidelines is generally enough to keep attackers out:
- Be suspicious of e-mails and messages requesting cash or threatening to block an account, or, on the other hand, proposing a get-rich-quick scheme.
- Take note of the sender’s address. It’s almost certainly a fraud if the company’s name is misspelt or the domain is just a bunch of random letters.
- Take great care with the data and credentials you use to access your account and money. Learn how the cryptowallet security system works, what information the support service could need from you, and what you should never reveal.
- To help keep your money safe from all types of scams, use a dependable solution that includes protection against online fraud and phishing.