METAMASK WARNS AGAINST PHISHING SCAM UNDER WEB HOSTING COMPANY NAMECHEAP’S EMAIL
MetaMask one of the leading crypto wallet providers world wild, has just issued a warning to all investors against ongoing phishing attempts by scammers attempting to contact investors through Namecheap’s third-party upstream system for emails.
On February 13, MetaMask took to Twitter to warn investors of potential phishing emails that attempted to steal personal information from the recepients and their cryptocurrency wallets. The phishing campaign originated after domain registrar NameCheap had their email account breached on Sunday night.
The attackers used “SendGrid”, an email platform, that is used by Namecheap to send renewal notices and marketing emails to send unauthorized emails which target MetaMask investors. Namecheap described the incident as an “email gateway issue.”
According to the official blogpost, the phishing emails sent by the hacker contain a link that opens a fake MetaMask website requesting Secret Recovery Phrase “to keep investors wallet secure.”
This allowed the hackers to import the wallet to their own devices and steal all the funds and assets of investors. The email read,
“We are writing to inform you that in order to continue using our wallet service, it is important to obtain KYC (Know Your Customer) verification. KYC verification helps us to ensure that we are providing our services to legitimate customers. By completing KYC verification, you will be able to securely store, withdraw, and transfer funds without any interruptions. It also helps us to protect you against financial fraud and other security threats.”
EVOLVING NEW SCAMS Affecting Metamask
Namecheap CEO Richard Kirkendall also confirmed regarding the exploit specifying the company had disabled emails through SendGrid while they investigated the issue. However, just within two hours of the initial intimation, NameCheap confirmed that its mail delivery was restored.
Recently, MetaMask issued a warning on a new crypto wallet address scam dubbed as “Address Poisoning” where hackers take advantage of investors carelessness to drain crypto tokens from the victim’s wallet address world wild.
The digital wallet provider explained the perpetrators “poison” transaction histories by sending investors tokens that are worth $0 to their wallets. Meanwhile, hackers or attackers use a “vanity” address generator that churns out an address closely matching the victim’s wallet. that been said, be careful and do not share your private keys or any sensitive information with anyone.
About The Author
