Beware of Metamask phishing emails | Bitcointalksearch.org

Ultegra134

hero member

Activity: 1680

Merit: 845

Quote from: Cantsay on October 03, 2024, 05:58:00 PM

The last time I saw something like this wasn’t on email but on Facebook - the scammer just targeted Facebook accounts that were crypto related and tagged them claiming that they won a certain amount all they had to do was to click on the claim button, but on clicking it will ask for your seed phrase.

The whole page was filled with different Facebook accounts that were tagged and I’m sure they will be able to get one greedy person inside to really expose their seed phrase with the hope of claiming something they never took part in.

It's not necessarily greediness; even though we're talking about cryptocurrencies and we automatically conceive anyone who's involved as knowledgeable, I can guarantee you that in some cases, it's far from the truth. With that being said, some people are simply naïve and ignorant, often lack the ability to tell what's a scam or not, and are unaware of the possible dangers providing your seed phrase poses.

Social media is a plague of scams, whether that's Facebook, Twitter, Telegram or Discord. I almost got scammed myself through Discord when asking for assistance.

hugeblack

legendary

Activity: 2688

Merit: 3983

The sender's name and account details are suspicious, so even if the verification mark is misleading, it is easy to discover that the email comes from a third party.
In general, even if the email is from MM, you should not trust it, especially if it redirects you to a strange link or the signature does not match the software you want to download.
It is also better not to follow cryptocurrency news and updates via email.

Cantsay

hero member

Activity: 700

Merit: 541

Bitcoin Casino Est. 2013

Quote from: Ultegra134 on October 03, 2024, 03:29:25 PM

The claim button leads to a fake website requesting your seed phrase.

The last time I saw something like this wasn’t on email but on Facebook - the scammer just targeted Facebook accounts that were crypto related and tagged them claiming that they won a certain amount all they had to do was to click on the claim button, but on clicking it will ask for your seed phrase.

The whole page was filled with different Facebook accounts that were tagged and I’m sure they will be able to get one greedy person inside to really expose their seed phrase with the hope of claiming something they never took part in.

Ultegra134

hero member

Activity: 1680

Merit: 845

Didn't want to post a whole new topic since the subject is quite similar, but I've been receiving fake phishing emails in the name of Binance Kraken with fake giveaways. Surprisingly, the email was in my main folder and not in spam where they usually appear and it's not that terrible looking compared to other phishing emails I've received.

Their email address is the following

Quote

[email protected]

While the sender's name is supposedly "Trust Wallet"

The claim button leads to a fake website requesting your seed phrase.

Ultegra134

hero member

Activity: 1680

Merit: 845

Quote from: NotATether on July 04, 2024, 12:32:16 PM

I receive this bullshit all the time. It is automatically thrown in the dumpster bin (aka. Spam).

I receive a bunch of them daily on this email address, however, a large number of them, especially cryptocurrency related ones slip through the spam folder and land in my inbox. Not sure if it's random or Yahoo is crap at identifying phishing and scam emails, or those emails are so sophisticated that manage to pass through their security. They're annoying either way.

Lafu

legendary

Activity: 3136

Merit: 3213

Quote from: NotATether on July 04, 2024, 12:32:16 PM

I receive this bullshit all the time. It is automatically thrown in the dumpster bin (aka. Spam).

Same here , and there are also a ton of other Fake / Phishing emails all the time.
I guess the first one i have seen was years ago and i also posted it somewhere (i think it was Meta) but at that time the Links was posted in the Forum.
There are so many fake mails for everything lately even you dont have an account on the website and service you get one.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

I receive this bullshit all the time. It is automatically thrown in the dumpster bin (aka. Spam).

aioc

hero member

Activity: 2926

Merit: 567

Even if they are using a blue tick that makes the email legit, we still have to follow the established advice of not connecting our wallet to platforms coming from emails.

Metamask clearly stated it in their article :

Quote

MetaMask will never send you unsolicited emails.
MetaMask will not and cannot initiate email correspondence with you.
We hold no personal identifying information such as names, email addresses, or otherwise — we don't collect these at any point whilst you're creating your wallet. This means we have no means of contacting you directly unless you specifically request it. And even then, there are only a few specific ways you can do this.

https://support.metamask.io/privacy-and-security/staying-safe-in-web3/i-received-an-email-claiming-to-be-from-metamask-is-it-legit

This kind of email is for newbies who are not aware of Metamask policy regarding emails.

albon

legendary

Activity: 1890

Merit: 1537

Quote from: Ultegra134 on July 01, 2024, 08:02:18 AM

at it's quite common on social media pages, where you can practically purchase it for a small amount of money. That's actually an old email of mine which has been found in quite a few database leaks.

This may not be the original blue tick in the message you received. It may be one of the symbols used as a trick to make the sender’s email/name appear as if it actually has the original verification mark, or perhaps the scammers have used the BIMI feature provided by Gmail and Yahoo through their primary domain and their brand logo to obtain this verification mark that is given to the owners of organizations, companies, public figures and the like. For this reason, verification marks have become easy, as you mentioned, and can be purchased through social media. Therefore, the sender’s email and the content of the message are one of the clear signs that prove this phishing attempt.

I do not advise anyone to open the email links or download any attached files. Instead, rely on bookmarked official links in your browser. MetaMask is a secure wallet, and these phishing messages target all wallets and crypto platforms. Therefore, everyone should be aware of what they are doing and know the necessary security measures.

robelneo

legendary

Activity: 3416

Merit: 1225

I always hit spam on emails I'm unfamiliar with, and if they do not have an unsubscribe button, it's targeted spam and likely a scam attempt.
I checked the source of the email, and it's using the domain

Code:

qemailserver.com

My anti-virus is blocking it because of its invalid certificate; a legitimate site will always have a valid certificate.

Quote

URL: qemailserver.com
Reason: Invalid name of certificate. Either the name is not on the allowed list or was explicitly excluded. View certificate

Ultegra134

hero member

Activity: 1680

Merit: 845

Quote from: Lucius on July 01, 2024, 05:08:02 AM

I've never used this wallet because I simply didn't need it, and the fact that it only had a browser version in the past (if I'm not mistaken) was completely repulsive to me considering that it's just too big a risk. I understand that a lot of people need to use this kind of wallet considering what they do, but I see countless risks in all of this, not only because scammers target potential victims through phishing, but also how often we can read that someone has linked their wallet in this way he was left without everything.

@Ultegra134, maybe you didn't notice (or it doesn't matter too much to you), but the screenshot you posted reveals your e-mail address.

Thanks, totally forgot about it! I Reuploaded the screenshot without it.

I'm not too fond of this wallet either, I've used it in the past when I was staking on Beefy or similar platforms. I've now stopped using it and withdrew all my funds, I also didn't feel safe using it and read quite a few stories of people getting scammed. I almost got scammed as well, but it was my fault, it just shows the vulnerabilities of such wallet.

Quote from: JeromeTash on June 30, 2024, 03:52:57 PM

That blue checkmark is rather psychological to some users. It makes them believe as though the email is authentic, and yet it is not. I believe your email address must have leaked in one of those crypto related websites you signed for. So the scammer have an idea that you are into crypto.
It could have been something similar to the CoinMarketCap hack sometime back or the recent Coingecko hack.

That's true, at it's quite common on social media pages, where you can practically purchase it for a small amount of money. That's actually an old email of mine which has been found in quite a few database leaks.

cryptomaniac_xxx

hero member

Activity: 1344

Merit: 540

Quote from: Ultegra134 on June 30, 2024, 02:56:50 PM

I received this email today, which is of course a phishing email, but it looked a little more believable compared to others I've received the past few months, it even has a "verified" tick next to their email. Never "manually" secure your account by connecting your wallet to an unknown service or platform, or even worse, input your private key because automatic validation "failed".

Unfortunately, there's still a reasonable amount of people who are unaware and fall victims to these scams.

Yes, this is another classic example of the modus of scammers, they try to emulate those well known wallet and try to be spoof team with this kind of emails. It's good that you recognized this as a phishing email and hopefully we one will fall for it.

Not just in email though, even is SMS or text message, this scammers are very active, not just in crypto, but everything financial like banks. And as what others said, it's better to verify first and just don't try them.

coin-investor

hero member

Activity: 2996

Merit: 598

Leading Crypto Sports Betting & Casino Platform

Quote from: Ultegra134 on June 30, 2024, 02:56:50 PM

I received this email today, which is of course a phishing email,

In that case your email has been pawned or there is a data breach on one of the site where your email is part of the breach, you should check it using this tool Check if your email address is in a data breach

Quote

but it looked a little more believable compared to others I've received the past few months, it even has a "verified" tick next to their email.

Even scammers can use this feature to scam their recipients, if you do not know the sender or you have not opted to be part of their email database then its considered a spam, and besides Metamask never ask for emails so how come they will send you an update through email.

Quote

Never "manually" secure your account by connecting your wallet to an unknown service or platform, or even worse, input your private key because automatic validation "failed"

If they ask you for private keys then its a scam, no platform other than your wallet can ask your private key or seeds

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

I've never used this wallet because I simply didn't need it, and the fact that it only had a browser version in the past (if I'm not mistaken) was completely repulsive to me considering that it's just too big a risk. I understand that a lot of people need to use this kind of wallet considering what they do, but I see countless risks in all of this, not only because scammers target potential victims through phishing, but also how often we can read that someone has linked their wallet in this way he was left without everything.

@Ultegra134, ~~maybe you didn't notice (or it doesn't matter too much to you), but the screenshot you posted reveals your e-mail address.~~

_act_

legendary

Activity: 1064

Merit: 1298

Lightning network is good with small amount of BTC

Quote from: JeromeTash on June 30, 2024, 03:52:57 PM

It could have been something similar to the CoinMarketCap hack sometime back or the recent Coingecko hack.

You mean the email of users leaked on Coinmarketcap or Coingecko? It could also be the user itself submitted his email somewhere online. Even those that submit their email for Trezor newsletter got their email breached by hackers. But is there a way that someone will provide his email somewhere on Metamask? This phishing attacker is common to Metamask users. I guess the bad actor knows definitely that the user are using Metamask.

JeromeTash

legendary

Activity: 2338

Merit: 1261

Heisenberg

That blue checkmark is rather psychological to some users. It makes them believe as though the email is authentic, and yet it is not. I believe your email address must have leaked in one of those crypto related websites you signed for. So the scammer have an idea that you are into crypto.
It could have been something similar to the CoinMarketCap hack sometime back or the recent Coingecko hack.

Orpichukwu

sr. member

Activity: 658

Merit: 387

The first method to detect a scam email without even trying to locate the error that might come with the email is that creating a Metamask wallet doesn't require users to input their email address before the wallet creation can be done; you just generate your wallet phrase or private key, and that's it.

So how can Metamask get your email address without you giving it to them? I personally discard any email that claims to come from all these wallet providers, and I know I have not given them my email address before. Receiving email from them alone is a scam.

Ultegra134

hero member

Activity: 1680

Merit: 845

I received this email today, which is of course a phishing email, but it looked a little more believable compared to others I've received the past few months, it even has a "verified" tick next to their email. Never "manually" secure your account by connecting your wallet to an unknown service or platform, or even worse, input your private key because automatic validation "failed".

Unfortunately, there's still a reasonable amount of people who are unaware and fall victims to these scams.

Topic: Beware of Metamask phishing emails (Read 198 times)