Beware of Metamask phishing emails | Bitcointalksearch.org

aioc

hero member

Activity: 2926

Merit: 567

Even if they are using a blue tick that makes the email legit, we still have to follow the established advice of not connecting our wallet to platforms coming from emails.

Metamask clearly stated it in their article :

Quote

MetaMask will never send you unsolicited emails.
MetaMask will not and cannot initiate email correspondence with you.
We hold no personal identifying information such as names, email addresses, or otherwise — we don't collect these at any point whilst you're creating your wallet. This means we have no means of contacting you directly unless you specifically request it. And even then, there are only a few specific ways you can do this.

https://support.metamask.io/privacy-and-security/staying-safe-in-web3/i-received-an-email-claiming-to-be-from-metamask-is-it-legit

This kind of email is for newbies who are not aware of Metamask policy regarding emails.

albon

legendary

Activity: 1750

Merit: 1407

Quote from: Ultegra134 on July 01, 2024, 09:02:18 AM

at it's quite common on social media pages, where you can practically purchase it for a small amount of money. That's actually an old email of mine which has been found in quite a few database leaks.

This may not be the original blue tick in the message you received. It may be one of the symbols used as a trick to make the sender’s email/name appear as if it actually has the original verification mark, or perhaps the scammers have used the BIMI feature provided by Gmail and Yahoo through their primary domain and their brand logo to obtain this verification mark that is given to the owners of organizations, companies, public figures and the like. For this reason, verification marks have become easy, as you mentioned, and can be purchased through social media. Therefore, the sender’s email and the content of the message are one of the clear signs that prove this phishing attempt.

I do not advise anyone to open the email links or download any attached files. Instead, rely on bookmarked official links in your browser. MetaMask is a secure wallet, and these phishing messages target all wallets and crypto platforms. Therefore, everyone should be aware of what they are doing and know the necessary security measures.

robelneo

legendary

Activity: 3192

Merit: 1198

Bons.io Telegram Casino

I always hit spam on emails I'm unfamiliar with, and if they do not have an unsubscribe button, it's targeted spam and likely a scam attempt.
I checked the source of the email, and it's using the domain

Code:

qemailserver.com

My anti-virus is blocking it because of its invalid certificate; a legitimate site will always have a valid certificate.

Quote

URL: qemailserver.com
Reason: Invalid name of certificate. Either the name is not on the allowed list or was explicitly excluded. View certificate

Ultegra134

hero member

Activity: 1582

Merit: 758

Quote from: Lucius on July 01, 2024, 06:08:02 AM

I've never used this wallet because I simply didn't need it, and the fact that it only had a browser version in the past (if I'm not mistaken) was completely repulsive to me considering that it's just too big a risk. I understand that a lot of people need to use this kind of wallet considering what they do, but I see countless risks in all of this, not only because scammers target potential victims through phishing, but also how often we can read that someone has linked their wallet in this way he was left without everything.

@Ultegra134, maybe you didn't notice (or it doesn't matter too much to you), but the screenshot you posted reveals your e-mail address.

Thanks, totally forgot about it! I Reuploaded the screenshot without it.

I'm not too fond of this wallet either, I've used it in the past when I was staking on Beefy or similar platforms. I've now stopped using it and withdrew all my funds, I also didn't feel safe using it and read quite a few stories of people getting scammed. I almost got scammed as well, but it was my fault, it just shows the vulnerabilities of such wallet.

Quote from: JeromeTash on June 30, 2024, 04:52:57 PM

That blue checkmark is rather psychological to some users. It makes them believe as though the email is authentic, and yet it is not. I believe your email address must have leaked in one of those crypto related websites you signed for. So the scammer have an idea that you are into crypto.
It could have been something similar to the CoinMarketCap hack sometime back or the recent Coingecko hack.

That's true, at it's quite common on social media pages, where you can practically purchase it for a small amount of money. That's actually an old email of mine which has been found in quite a few database leaks.

cryptomaniac_xxx

hero member

Activity: 1344

Merit: 540

Quote from: Ultegra134 on June 30, 2024, 03:56:50 PM

I received this email today, which is of course a phishing email, but it looked a little more believable compared to others I've received the past few months, it even has a "verified" tick next to their email. Never "manually" secure your account by connecting your wallet to an unknown service or platform, or even worse, input your private key because automatic validation "failed".

Unfortunately, there's still a reasonable amount of people who are unaware and fall victims to these scams.

Yes, this is another classic example of the modus of scammers, they try to emulate those well known wallet and try to be spoof team with this kind of emails. It's good that you recognized this as a phishing email and hopefully we one will fall for it.

Not just in email though, even is SMS or text message, this scammers are very active, not just in crypto, but everything financial like banks. And as what others said, it's better to verify first and just don't try them.

coin-investor

hero member

Activity: 2884

Merit: 581

Leading Crypto Sports Betting & Casino Platform

Quote from: Ultegra134 on June 30, 2024, 03:56:50 PM

I received this email today, which is of course a phishing email,

In that case your email has been pawned or there is a data breach on one of the site where your email is part of the breach, you should check it using this tool Check if your email address is in a data breach

Quote

but it looked a little more believable compared to others I've received the past few months, it even has a "verified" tick next to their email.

Even scammers can use this feature to scam their recipients, if you do not know the sender or you have not opted to be part of their email database then its considered a spam, and besides Metamask never ask for emails so how come they will send you an update through email.

Quote

Never "manually" secure your account by connecting your wallet to an unknown service or platform, or even worse, input your private key because automatic validation "failed"

If they ask you for private keys then its a scam, no platform other than your wallet can ask your private key or seeds

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

I've never used this wallet because I simply didn't need it, and the fact that it only had a browser version in the past (if I'm not mistaken) was completely repulsive to me considering that it's just too big a risk. I understand that a lot of people need to use this kind of wallet considering what they do, but I see countless risks in all of this, not only because scammers target potential victims through phishing, but also how often we can read that someone has linked their wallet in this way he was left without everything.

@Ultegra134, ~~maybe you didn't notice (or it doesn't matter too much to you), but the screenshot you posted reveals your e-mail address.~~

_act_

legendary

Activity: 868

Merit: 1094

Quote from: JeromeTash on June 30, 2024, 04:52:57 PM

It could have been something similar to the CoinMarketCap hack sometime back or the recent Coingecko hack.

You mean the email of users leaked on Coinmarketcap or Coingecko? It could also be the user itself submitted his email somewhere online. Even those that submit their email for Trezor newsletter got their email breached by hackers. But is there a way that someone will provide his email somewhere on Metamask? This phishing attacker is common to Metamask users. I guess the bad actor knows definitely that the user are using Metamask.

JeromeTash

legendary

Activity: 2100

Merit: 1208

Heisenberg

That blue checkmark is rather psychological to some users. It makes them believe as though the email is authentic, and yet it is not. I believe your email address must have leaked in one of those crypto related websites you signed for. So the scammer have an idea that you are into crypto.
It could have been something similar to the CoinMarketCap hack sometime back or the recent Coingecko hack.

Orpichukwu

sr. member

Activity: 532

Merit: 346

The first method to detect a scam email without even trying to locate the error that might come with the email is that creating a Metamask wallet doesn't require users to input their email address before the wallet creation can be done; you just generate your wallet phrase or private key, and that's it.

So how can Metamask get your email address without you giving it to them? I personally discard any email that claims to come from all these wallet providers, and I know I have not given them my email address before. Receiving email from them alone is a scam.

Ultegra134

hero member

Activity: 1582

Merit: 758

I received this email today, which is of course a phishing email, but it looked a little more believable compared to others I've received the past few months, it even has a "verified" tick next to their email. Never "manually" secure your account by connecting your wallet to an unknown service or platform, or even worse, input your private key because automatic validation "failed".

Unfortunately, there's still a reasonable amount of people who are unaware and fall victims to these scams.

Topic: Beware of Metamask phishing emails (Read 90 times)