MetaMask, one of the most popular cryptocurrency wallets, issued an investor alert this Monday (13). According to the company, there is a major phishing scam going on this week.
It all started with a problem at Namecheap, a popular web domain registrar whose email services had been compromised.
“We have evidence that the upstream system we use to send emails is involved in sending unsolicited emails to our customers”wrote Namecheap on Sunday (12). “We stopped immediately.”
We have evidence that the upstream system we use to send emails is involved in sending unsolicited emails to our customers. It was immediately discontinued.
— Namecheap.com (@Namecheap) February 13, 2023
Stay informed!
Get the most important news of the day.
Thank you!
You are now receiving our newsletter.
Since such emails seem to come from Namecheap itself, hackers take advantage of potential victims’ carelessness to send them to bogus websites. One of the main targets is cryptocurrency investors, especially MetaMask users.
MetaMask warns about phishing scams
Also via Twitter, MetaMask asked people to avoid opening emails from Namecheap or MetaMask itself, noting that it is a scam.
“MetaMask does not collect KYC information and will never email you about your account! NEVER enter your secret recovery phrase on a website”warned the wallet.
“If you received an email today from MetaMask or Namecheap or anyone else like this, please ignore it and don’t click on their links!”
⚠️MetaMask does not collect KYC information and will never email you about your account!
NEVER enter your secret recovery phrase on a website.
If you received an email today from MetaMask or Namecheap or anyone else like this, please ignore it and don’t click on the links! pic.twitter.com/4CDtne24OK— MetaMask 🦊💙 (@MetaMask) February 13, 2023
In the Bleeping Computer article, shared by MetaMask, there are some screenshots of the fake wallet email and page, where the user is asked to enter their recovery phrase. That is, if an investor continues with these steps, he will give hackers access to his cryptocurrencies.
“Dear user, we are writing to inform you that it is important that you verify your identity by KYC to continue using our wallet”points to the fake email intended to steal cryptocurrencies from investors.
If the user clicks on the link in the email, he is taken to a fake page. As shown in the image below, hackers want the potential victim to be naive enough to enter their private keys or recovery phrase, which will give them access to the investor’s cryptocurrencies.
Finally, Namecheap is known for being one of the first services to accept Bitcoin as payment. Therefore, it is possible that many of its users are cryptocurrency investors, increasing the risk of the attack.
The final security tip is to never write your private keys on suspicious websites and think for five minutes before taking any action that seems to require immediate action. After all, such a sense of urgency is an old scam tactic.
Source: Live Coins
Barry Siefert is an accomplished journalist and author at The Nation View. He is known for his expertise in the field of cryptocurrency, and has written extensively on the topic. With a background in finance and economics, Barry has a deep understanding of the underlying technology and market forces that drive the crypto industry.