MetaMask, a cryptocurrency wallet provider, recently warned its users about a probable phishing attempt. Hackers reportedly found a flaw in Namecheap’s system, which they exploited to get their hands on users’ information. They then contacted them via email through a third-party service. Fortunately, Namecheap was able to block the attempt and notified MetaMask immediately.
MetaMask users targeted by unauthorized phishing emails
Last Sunday, Namecheap unfortunately discovered that malicious individuals have been using its services for questionable purposes. These hackers sent out unauthorized emails exclusively targeting Metamask users. The hosting company identified the problem as a flaw in their email gateway.
Phishing is a technique cybercriminals commonly use to steal sensitive information, such as account credentials and passwords. The details of the attack were quite sophisticated: the scammers inserted a link to a fake MetaMask website into the emails, asking users to add a secret recovery phrase to secure their wallets. If entered, the fraudsters would have had full access to users’ funds.
Following the Namecheap alert, MetaMask is warning its users about this phishing attempt. It further reiterated that it does not collect KYC (Know Your Customer) compliance information and never communicates via email regarding users’ accounts. MetaMask users were also advised to never share their recovery phrase, as this could allow scammers to steal their funds.
We have evidence that the system we use to send emails is involved in sending unsolicited emails to our customers. It was stopped immediately. We want to assure you that Namecheap’s systems have not been breached and that your products, accounts and personal information remain safe.
Namecheap
Metamask urges users to be vigilant
The recent spate of phishing attacks targeting MetaMask users highlights the importance of remaining vigilant online. Hackers are using sophisticated techniques to trick users into divulging sensitive information (passwords, recovery phrases, etc.).
Customized spear-phishing attacks, fake websites and phishing messages on social networks are increasingly common. Also, using Google ads to trick users is a particularly effective method for hackers, so it’s important to take security measures to protect yourself.
It’s crucial to remember that legitimate businesses never ask their users to divulge confidential information via email or phone.
To protect yourself from phishing attacks, it is important not to click on suspicious links or sponsored ads. It is also recommended to take security measures such as using strong passwords, secure recovery phrases and antivirus programs and most importantly, be sure to enable two-step verification.
As a journalist at Coinpri, I’ve been captivated by the world of bitcoin and blockchain since 2020. The decentralized aspect of Bitcoin particularly piqued my interest. Since then, I’ve been working constantly to spread my knowledge, hoping one day to see a world where everyone fully enjoys their financial freedom.
