
Blockchain security firm warns against new MetaMask phishing scam

Halborn, a blockchain and cybersecurity startup, has warned of a new phishing email scam targeting users of the popular digital asset wallet MetaMask.

In a blog post, Halborn’s technical education specialist Luis Lubeck explained how the campaign is being perpetrated, using a sample of the phishing email the company received. Lubeck pointed out the red flags in the email that can easily be missed.

The email claims to be from MetaMask, uses its logo and references an open support ticket. However, a spelling error in the sender’s email address is the first giveaway of malicious intent: the sender is Metamaks instead of MetaMask.

The domain name of the email address and the server used to send it are also fake and not affiliated with MetaMask. The email also lacks the usual personalization that is one of the marks of authentic emails.
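The two sender red flags described above can be checked mechanically. The following Python sketch is an added example, not code from Halborn or MetaMask: it flags From headers containing a near-miss spelling of the brand (counting a letter swap such as Metamaks as one edit) or using the brand name from a domain outside an allowlist. The allowlist contents, the distance threshold and the sample headers are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

BRAND = "metamask"
# Assumption: sending domains the defender treats as legitimate for the brand.
TRUSTED_DOMAINS = {"metamask.io"}

def osa_distance(a, b):
    """Edit distance that counts an adjacent-letter swap as a single edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def is_trusted(domain):
    """True for an allowlisted domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def sender_flags(from_header, max_dist=2):
    """Return the red flags found in a From header (empty list if none)."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    # Split display name and address into alphanumeric tokens to compare.
    tokens = set(re.findall(r"[a-z0-9]+", f"{name} {addr}".lower()))
    dist = {t: osa_distance(t, BRAND) for t in tokens}
    flags = [f"lookalike '{t}' is {d} edit(s) from '{BRAND}'"
             for t, d in sorted(dist.items()) if 0 < d <= max_dist]
    if any(d <= max_dist for d in dist.values()) and not is_trusted(domain):
        flags.append(f"brand name used from untrusted domain '{domain}'")
    return flags

# Constructed sample headers, not taken from the real campaign.
SAMPLES = [
    "Metamaks Support <support@metamaks-help.example>",
    "MetaMask Support <ticket@wallet-verify.example>",
    "MetaMask <noreply@metamask.io>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", sender_flags(header) or "no flags")
```

A check like this only covers the visible From header; it complements rather than replaces SPF, DKIM and DMARC validation of the sending server.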

The email tells the user to comply with mandatory KYC regulations and gives a guide on how to verify their wallet. The link provided for the verification, however, leads to a malicious website that prompts victims to enter their passphrase before redirecting them to the real MetaMask, after which their wallets are emptied.

Lubeck concluded by advising vigilance when interacting with emails, especially when clicking links and downloading attachments.

“The best defense against phishing attacks like these is to stay vigilant when receiving emails and think twice before doing anything that seems a bit unusual or potentially suspicious,” he wrote.

Social engineering phishing scams on the rise

The latest warning comes after Halborn also detected a security bug in MetaMask’s web-based extension wallet that was patched back in June. The bug would potentially allow hackers to extract the Secret Recovery Phrase used by web-based wallets like MetaMask from the hard disk of a compromised computer under some conditions.

In another incident in April, MetaMask warned users of a security flaw in Apple’s iCloud storage service that could potentially allow hackers to drain their digital assets. Beyond those targeting MetaMask, digital asset phishing scams that use social engineering have increased.

Founded in 2019 by ethical hackers Steve Walbroehl and Rob Behnke, Halborn states that it has seen high demand for its services in the blockchain industry. Despite the market downturn, the company raised $90 million in a funding round in July, according to a Bloomberg report.
