Halborn warns of active MetaMask phishing campaign


Blockchain security firm Halborn has warned users against a new phishing campaign attempting to trick MetaMask crypto wallet owners into revealing their passphrases.

The modus operandi, as with most scams, is email. Halborn, upon receiving a scam email purporting to be from MetaMask on July 25, alerted users to the active phishing campaign, noting that the email ‘can easily pass as a real email from MetaMask’ when read ‘quickly and superficially’.

A closer look reveals various red flags, including a fake domain (metamaks.auction), an incorrect email address (Metamaks Support), and an unrelated server (unicarpentry.onmicrosoft.com).

The phishing email creates a sense of urgency by nudging users to comply with Know Your Customer (KYC) regulations before 8/30/22. “We require all customers to verify their wallets to continue using our service,” the email read.

Upon clicking ‘Verify your wallet’, users are unwittingly directed to a malicious site that prompts them to enter their passphrase. The SSL certificate associated with the spoofed MetaMask site adds to the trickery.
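The red flags listed above (lookalike domain, misspelled sender name, unrelated sending server, link to a non-MetaMask host) can be checked mechanically by a mail filter. The following Python is an added example, not code from Halborn or MetaMask; the trusted domain `metamask.io`, the mailbox names, the placement of the unrelated server in `Return-Path`, and all function names are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

TRUSTED = {"metamask.io"}  # assumption: the genuine domain, not stated in the article

# Constructed sample: only the display name and the two domains come from the article;
# the mailbox names and the use of Return-Path are assumptions.
SAMPLE = """\
From: Metamaks Support <support@metamaks.auction>
Return-Path: <bounce@unicarpentry.onmicrosoft.com>
Subject: Verify your wallet

We require all customers to verify their wallets to continue using our service.
Verify your wallet: https://metamaks.auction/
"""

def is_trusted(host, trusted=TRUSTED):
    return any(host == t or host.endswith("." + t) for t in trusted)

def imitates(label, trusted=TRUSTED, threshold=0.8):
    """Return the trusted domain whose brand label `label` closely resembles, else None."""
    for good in sorted(trusted):
        if SequenceMatcher(None, label, good.split(".")[0]).ratio() >= threshold:
            return good
    return None

def red_flags(raw, trusted=TRUSTED):
    """Return (flag, value) pairs for the indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    flags = []
    # Second-level label, e.g. "metamaks" in "metamaks.auction" (ignores multi-part TLDs).
    label = sender.rsplit(".", 2)[-2:][0]
    if not is_trusted(sender, trusted) and imitates(label, trusted):
        flags.append(("lookalike_sender_domain", sender))
    word = name.split()[0].lower() if name else ""
    good = imitates(word, trusted)
    if good and word != good.split(".")[0]:
        flags.append(("misspelled_display_name", name))
    if envelope and envelope != sender and not envelope.endswith("." + sender):
        flags.append(("unrelated_envelope_domain", envelope))
    for host in sorted({h.lower() for h in re.findall(r"https?://([^/\s:]+)", msg.get_payload())}):
        if not is_trusted(host, trusted):
            flags.append(("untrusted_link_host", host))
    return flags
```

Calling `red_flags(SAMPLE)` reports all four indicators, while the same message with the genuine spelling and domain throughout reports none.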

“The best defense against phishing attacks like these is to stay vigilant when receiving emails and think twice before doing anything that seems a bit unusual or potentially suspicious,” writes Luis Lubeck, technical education specialist at Halborn.

“If an email contains a link to be clicked, visit the site directly instead and find the target page from there. If an attachment is unsolicited and seems suspicious, call the sender, and confirm before downloading or opening it,” added Lubeck.