IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Halborn warns of active MetaMask phishing campaign

The blockchain security firm deconstructs a pretentious email that attempted to steal users' passwords

Blockchain security firm Halborn has warned users against a new phishing campaign attempting to trick MetaMask crypto wallet owners into revealing their passphrases.

The modus operandi, as with most scams, is email. Halborn, upon receiving a scam email purporting to be from MetaMask on July 25, altered users to the active phishing campaign, implying the email thread ‘can easily pass as a real email from MetaMask’ when read ‘quickly and superficially’.

A closer look reveals various red flags, including a fake domain (metamaks.auction), an incorrect email address (Metamaks Support), and an unrelated server (unicarpentry.onmicrosoft.com). 

The phishing email creates a sense of urgency by nudging users to comply with Know Your Customer (KYC) regulations before 8/30/22. “We require all customers to verify their wallets to continue using our service,” the email read.

Upon clicking ‘Verify your wallet’, users are unwittingly directed to a malicious site that prompts them to enter their passphrase. The SSL certificate associated with the pretentious MetaMask site adds to the trickery.

“The best defense against phishing attacks like these is to stay vigilant when receiving emails and think twice before doing anything that seems a bit unusual or potentially suspicious,” writes Luis Lubeck, technical education specialist at Halborn.

“If an email contains a link to be clicked, visit the site directly instead and find the target page from there. If an attachment is unsolicited and seems suspicious, call the sender, and confirm before downloading or opening it,” added Lubeck.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Education and government most at risk from email threats
phishing

Education and government most at risk from email threats

26 Nov 2021
Attackers use CSS to fool anti-phishing systems
phishing

Attackers use CSS to fool anti-phishing systems

11 Nov 2021

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022