Technical education specialist at Halborn, Luis Lubeck, issued a warning on July 28 about a fresh phishing campaign that is targeting users of the well-known cryptocurrency wallet MetaMask. He asserted that emails were being used by the active phishing campaign to target MetaMask users and deceive them into disclosing their passphrases.
To alert users to the new fraud, the company examined scam emails it had received in late July. Halborn observed that the email appears genuine at first glance, complete with a MetaMask header and logo and instructions educating users on how to comply with KYC requirements and verify their wallets.
Halborn pointed out a few warning signs in the communication. The two most noticeable ones were misspellings and an unknown email address. Furthermore, the phishing emails were sent through a fake domain called metamaks.auction.
The company also pointed out that the message lacked customization, which is another red flag. The malicious link to a fake website that requests users to enter their seed phrases before forwarding to MetaMask to empty their cryptocurrency wallets is shown when the call to action button hovers over.
Halborn was established in 2019 by ethical hackers to provide blockchain and cyber security services.
Phishing attacks are becoming common in the crypto space
Phishing is basically a form of social engineering that entices victims into divulging additional personal details or clicking on links to fraudulent websites that try to steal the funds in the form of cryptocurrency. With the increasing adoption of cryptocurrencies around the world, these kinds of attacks have become very common in space, with victims using a huge amount of their funds to these scammers. In February, OpenSea users reported losing NFTs amid the phishing attack streaks.
Notably, as TheCoinRise reported in April, MetaMask issued a warning to the crypto community about Apple iCloud phishing attacks.