Metamask phishing site | Bitcointalksearch.org

btc_angela

hero member

Activity: 2660

Merit: 551

Quote from: perla on November 15, 2020, 01:57:27 PM

Didn't know that there's a phishing site of Metamask I checked it out and it looks like until now it's still operating. Let's just be careful about this website since until now it can still scam other especially those who are newbies. Nice catch by the way.

Metamask is one of the most targeted phishing attacks by this criminals. It has reached 1 million downloads already or more, so it make sense for this criminals to mimic Metamask and hope that someone will fall for their scheme. So just be careful, and I'm sure there are a lot of phishing websites that hasn't been uncovered. So I will keep this thread updated whenever I found one.

Hamphser

sr. member

Activity: 2604

Merit: 338

Vave.com - Crypto Casino

Quote from: perla on November 15, 2020, 01:57:27 PM

Didn't know that there's a phishing site of Metamask I checked it out and it looks like until now it's still operating. Let's just be careful about this website since until now it can still scam other especially those who are newbies. Nice catch by the way.

If you've been here on this market or even into those traditional ones then phishing site isnt something new yet scammers do really lurk in the shadows and
trying to mimic out those common sites on where they do know that they can make or steal money from others.This is why lots of them do exist and
expecting for metamask on having this one and even myetherwallet in the past had been created some phishing site even on exchange platforms too.
If you are a type of person who do love to make use of simple google search via keyword then you would most likely be victimized unless if you do know
the real url or even bookmarked then this is mostly been suggested.

perla

hero member

Activity: 1932

Merit: 504

Didn't know that there's a phishing site of Metamask I checked it out and it looks like until now it's still operating. Let's just be careful about this website since until now it can still scam other especially those who are newbies. Nice catch by the way.

Shallow

sr. member

Activity: 938

Merit: 255

SmartFi - EARN, LEND & TRADE

Phishing websites are always coming up because scammers believes there are people who will really fall for it, and sadly enough it is mostly those who do not have enough information about whatever thing they are doing, that is, a newbie can hardly differentiate a genuine website from the scam one, but those who already knows can identify it.
Thanks for bringing this to the attention of everyone to educate us and keep those who are not knowledgeable enough about metamask safe. Actually, I always find it important to bookmark every Important website i visit all the time, both exchanges and all that, because scammers will always be scammers looking for every slight chance to scam people.

btc_angela

hero member

Activity: 2660

Merit: 551

Here is another metamask phishing sites that needs to be reported:

Code:

http://metabrowser.org/

Archived: https://archive.is/JT5UF

Quote

Registrant Org    WhoisGuard, Inc.
Registrant Country    pa
Registrar    NameCheap, Inc.
IANA ID: 1068
URL: http://www.namecheap.com
Whois Server: whois.namecheap.com

(p)
Registrar Status    addPeriod, serverTransferProhibited
Dates    3 days old
Created on 2020-11-12
Expires on 2021-11-12
Updated on 2020-11-12

Name Servers    CLAYTON.NS.CLOUDFLARE.COM (has 18,643,619 domains)
MARLOWE.NS.CLOUDFLARE.COM (has 18,643,619 domains)


Tech Contact    —
IP Address    104.27.183.15 - 3 other sites hosted on this server

Jating

hero member

Activity: 2842

Merit: 772

Quote from: Bitcoin_Arena on November 09, 2020, 04:55:06 PM

Quote from: btc_angela on November 09, 2020, 03:48:21 AM

I don't know though how long will Google will take down the first site that I have found, it seems it is still index by them.

I am also wondering why it takes google so long to mark the website as phishing and yet it's an obvious case that doesn't require a lot of investigation. I also reported some links but nothing has been done. The only positive outcome so far is that metamask is a little quicker at including the domains in their scam database and displaying phishing warnings.

We may say that Google doesn't give a shit on those fake and phishing sites that has been reported to them. They have all the manpower and resources to do the review once it is reported and can take it down in less than 24-48 hours. But it has been days already since it has been reported to them and up to now they didn't do anything.

They should at least prioritised crypto related reports because scammers are making easy money specially from a lot of newbies. And now that the price of bitcoin is going up and Google trends regarding bitcoin is on a spike, it's possible that there could be individuals who can fall for this scheme.

pilosopotasyo

member

Activity: 952

Merit: 27

We should also report it to their host on this one NameCheap, Google is not very quick to take action, this is a clear violation of Namecheap TOS

How and where can I file abuse complaints?

Complain form
Submit a ticket

Bitcoin_Arena

copper member

Activity: 2114

Merit: 1814

฿itcoin for all, All for ฿itcoin.

Quote from: btc_angela on November 09, 2020, 03:48:21 AM

I don't know though how long will Google will take down the first site that I have found, it seems it is still index by them.

I am also wondering why it takes google so long to mark the website as phishing and yet it's an obvious case that doesn't require a lot of investigation. I also reported some links but nothing has been done. The only positive outcome so far is that metamask is a little quicker at including the domains in their scam database and displaying phishing warnings.

btc_angela

hero member

Activity: 2660

Merit: 551

Another one:

Code:

https://www.metaswap.dev/

Now it combine Metamask + keyword Swap, very clever trick by these criminals:

Archived: https://archive.is/HSGph

Quote

Registrant    REDACTED FOR PRIVACY
Registrant Org    WhoisGuard, Inc.
Registrant Country    pa
Registrar    Namecheap Inc.
IANA ID: 1068
URL: https://www.namecheap.com/
Whois Server: whois.namecheap.com

(p)
Registrar Status    clientTransferProhibited
Dates    6 days old
Created on 2020-11-03
Expires on 2021-11-03
Updated on 2020-11-08

Name Servers    DNS1.REGISTRAR-SERVERS.COM (has 6,723,497 domains)
DNS2.REGISTRAR-SERVERS.COM (has 6,723,497 domains)


Tech Contact    REDACTED FOR PRIVACY
REDACTED FOR PRIVACY,
REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY
IP Address    199.34.228.78 - 23,435 other sites hosted on this server

I don't know though how long will Google will take down the first site that I have found, it seems it is still index by them.

Cryptoababe

member

Activity: 898

Merit: 19

Do it For Better Humanity (Bitget trader)

Quote from: btc_angela on November 02, 2020, 11:15:33 PM

Another of the Metamask phishing site, but this one, it's very simply, Lol, and it's not as clean as the other fake sites. Maybe the scammers get's sloppy and in a hurry to release it.

Code:

https://metamask.org-swap.app/

Archived: https://archive.is/yXZ0s

Quote

Registrar    Namecheap Inc.
IANA ID: 1068
URL: https://www.namecheap.com/
Whois Server: whois.namecheap.com

(p)
Registrar Status    addPeriod, clientTransferProhibited
Dates    1 days old
Created on 2020-11-01
Expires on 2021-11-01
Updated on 2020-11-01

Name Servers    DNS1.NAMECHEAPHOSTING.COM (has 953,454 domains)
DNS2.NAMECHEAPHOSTING.COM (has 953,454 domains)


Tech Contact    REDACTED FOR PRIVACY
REDACTED FOR PRIVACY,
REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY
IP Address    162.0.235.242 - 121 other sites hosted on this server

Phishing sites are now many now.. I one saw a Phishing metamask on chrome store last year but I think it has been removed.
This one is even asking for seed phrase password

AakZaki

legendary

Activity: 2338

Merit: 1084

zknodes.org

In 2019 I have also found a type of Metamask wallet phishing in the form of a chrome addon that was added by scammers and many have downloaded it. This is quite unsettling and finally reported and then blocked. and at this time phishing websites similar to metamask have also appeared. Traps like this are very dangerous and will steal all of our assets if you enter your private key. Phishing methods are growing. We are required to continue to be aware of phishing methods like this.

We can only report if we find a phishing website or application that will be harmful to everyone.

Harlot

hero member

Activity: 1806

Merit: 672

Quote from: btc_angela on November 03, 2020, 09:35:23 PM

Probably the best thing we can do collectively, is to put pressure on Google by reporting it multiple times so that they will take actions. And big thanks for those who have reported it already!!

I don't know if this is effective since based from what I have seen in the past Google isn't reliable when it comes to taking down things. I remembered people who have complained for days in Google's Playstore when they have downloaded the xHelper adware that plague their devices yet they still see the app available for download even if it had gotten 1 star ratings and negative reviews. In Youtube you will see some hacked channels that were turned into Fake Crypto Giveaway streaming sites to have not been recovered by the true owner. These are just some of the sample cases under Google where they have not responded exactly what you are expecting them to do.

$crypto$

legendary

Activity: 2394

Merit: 1049

Smart is not enough, there must be skills

Quote from: TravelMug on November 03, 2020, 08:13:25 PM

I already reported the site the second time around. I don't know what the hell is Google waiting for.

Everyone should have a consensus effort to report every website we have seen being reported here on in the Scam Accusations board. I also do give some scam alert from time to time if I saw one in discord or telegram. For us, who have been here long enough, we can spot the fake site, but there could be beginners who might still fall for this scheme.

Many have reported this phishing site to Google, but now after I access it with the Chrome browser I can't access it again, it means that Google has followed up on this quickly so that no one can access it again after everything has been published.

But still at Mozilla this site can still be accessed so I think there are still victims who will be trapped in this hole, damn, I hope there is no second hole.

btc_angela I really appreciate your work finding this site and informing the newbie who is here.

btc_angela

hero member

Activity: 2660

Merit: 551

Probably the best thing we can do collectively, is to put pressure on Google by reporting it multiple times so that they will take actions. And big thanks for those who have reported it already!!

TravelMug

hero member

Activity: 2632

Merit: 833

I already reported the site the second time around. I don't know what the hell is Google waiting for.

Everyone should have a consensus effort to report every website we have seen being reported here on in the Scam Accusations board. I also do give some scam alert from time to time if I saw one in discord or telegram. For us, who have been here long enough, we can spot the fake site, but there could be beginners who might still fall for this scheme.

seoincorporation

legendary

Activity: 3346

Merit: 3125

Stealing mnemonic phrases looks like is becoming one of the favorite ways for hackers, this kind of attack applies not only for bitcoin, the other altcoins are getting affected. Is easy for the hackers to start a new site and if a user baits then the hacker will be able to pay for tons of new sites and new domains, they even use google ads for let the fake sites get on the first results of the browser. So, we must be careful. And stop trusting in the search engines because looks like they give zero fucks.

Rengga Jati

hero member

Activity: 2072

Merit: 656

royalstarscasino.com

Quote from: btc_angela on October 19, 2020, 10:48:34 AM

Code:

https://www.metamaskwallet.io/

It is still active now, let's report more this pishing site to shut down this and avoid more people tobe victims.
It is not the first time we find the fake metamask site, there were are several fake and pishing metamask sites and also application.
However, seeing the menu of this metamask, it is quite funny where we must log in to that site directly. Grin

The site is really different from the original one.
However, of course, we must be more and more careful. For people who do not know about it, it should be like the same moreover they also enclosure the team (although if clicked, it is the only images) LOL

Quote from: chanler on November 03, 2020, 09:19:58 AM

2. Fake hyperlink
Every hyperlink that is given in that site doesn't direct to what it should be, like GitHub, GitCoin, Contact Ust, and many more. All hyperlinks will be redirected to https://t.me/MetaMaskGroup. You can check them all, they are all fake

You're right, they only provide one hyperlink and that is also fake, not real. I tried to join the group and it is not available.

erikoy

full member

Activity: 686

Merit: 125

Fake sites or phishing sites is rampant everywhere because there is a tool that can make a sophisticated site that even a newbie could do. The tool was sold in the black market for only 1000 $ and this is why I think the reason why there are so many fake sites we had today. Anyway, fake or phiahing sites are not only targeting cryptocurrency but other financial sectors also like online banking or spending money through online transactions.

Upgate

member

Activity: 560

Merit: 14

This is very terrible. We ain't safer in crypto space again. Each day scammers are developing a different strategy to dupe people of their funds.
It will be all reasonable we report this metamask phishing site asap.
Thanks for letting us know about this phishing site

chanler

member

Activity: 753

Merit: 15

mulierum.com

Quote from: btc_angela on October 19, 2020, 10:48:34 AM

I just want to share this, I was looking for a Atomic Wallet (atomicwallet.io) when I got to chance and see a fake metamask.

Code:

https://www.metamaskwallet.io/

Wow, this site really looks convincing. See the difference with the original, namely the URL link must be https://metamask.io/

And until now, it is still on Google search, not shutting down yet, already make a report to Google, hopefully, the site is shut down quickly.

Well, after I opened the site, there is likely a convincing display and everything is like the Metamask.
But, actually, there are some striking differences and they are very suspicious.

Let's see these:

1. There is no link download application of metamask
We can find the download button at the bottom of the site, but when we click it, it will direct to the telegram group https://t.me/MetaMaskGroup.

2. Fake hyperlink
Every hyperlink that is given in that site doesn't direct to what it should be, like GitHub, GitCoin, Contact Ust, and many more. All hyperlinks will be redirected to https://t.me/MetaMaskGroup. You can check them all, they are all fake

3. Fake Telegram group
When we click the telegram group we can find the group, so it is only the URL link without the existing group. I also put the username in my telegram but I found nothing/no one.

4. Almost the same team display ( but only photo)
If we check on the team menu, there are only the displays of the team photos, but no descriptions like what is on the official site.

And I am sure there are still many differences like the Login menu and more others.

So here, just be careful about this phishing.

btc_angela

hero member

Activity: 2660

Merit: 551

Another of the Metamask phishing site, but this one, it's very simply, Lol, and it's not as clean as the other fake sites. Maybe the scammers get's sloppy and in a hurry to release it.

Code:

https://metamask.org-swap.app/

Archived: https://archive.is/yXZ0s

Quote

Registrar    Namecheap Inc.
IANA ID: 1068
URL: https://www.namecheap.com/
Whois Server: whois.namecheap.com

(p)
Registrar Status    addPeriod, clientTransferProhibited
Dates    1 days old
Created on 2020-11-01
Expires on 2021-11-01
Updated on 2020-11-01

Name Servers    DNS1.NAMECHEAPHOSTING.COM (has 953,454 domains)
DNS2.NAMECHEAPHOSTING.COM (has 953,454 domains)


Tech Contact    REDACTED FOR PRIVACY
REDACTED FOR PRIVACY,
REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY
IP Address    162.0.235.242 - 121 other sites hosted on this server

nakamura12

hero member

Activity: 2268

Merit: 669

Bitcoin Casino Est. 2013

This should be shared to all those who are going to use metamask to avoid getting phished by these scammers. Even bookmarking the real sites could lead you to trouble too even the copy paste system where a malware hacks your clipboard. Instead of pasting the original site or link but it will paste the fake one same as the address.

Salauddin1994

member

Activity: 868

Merit: 15

This is great news and strategy for newcomers the number of counterfeits is increasing due to the increasing demand for crypto it will keep various websites safe while using them and is a new strategy to avoid hackers. Fraudsters use this method to steal information from people by setting up a well-established website phishing is usually done via email and instant messaging fraudsters also deceive their victims and take them to their websites the website mimics the look of the original website of the concerned user's email bank or credit card.

pakhitheboss

hero member

Activity: 2156

Merit: 803

Top Crypto Casino

If you are not at all attentive you will easily fall for this clone website. Metamask has been subjected to numerous scams using clone website or apps in the past. I once in the past thought that Metamask has a mobile app untill someone pointed out that it does not in this forum.

Beware of such scams and always check this board if you want to stay updated for the latest scams.

btc_angela

hero member

Activity: 2660

Merit: 551

Quote from: Bitcoin_Arena on October 19, 2020, 05:22:02 PM

Nice catch OP. Isn't this supposed to be in the scam accusations board?
I think that's the place most people search when they are locking for scam or malicious websites.

I have reported the website to google safe browsing. Anybody else interested can do the same - https://safebrowsing.google.com/safebrowsing/report_phish/?hl=e

Thanks for reporting it, however, I felt it's appropriate to post it here as newbies never frequented scam accusations board until they themselves got scammed already.

@libert19 - yes not typo whatsoever, that's why this trick is very dangerous, plus the *.io extension, it will really look credible to a newbie or beginner.

lovesmayfamilis

legendary

Activity: 2072

Merit: 4265

✿♥‿♥✿

From the latest statistics, the number of phishing sites skyrocketed in 2020. This is due to general home quarantine. The number of Internet services is increasing every day, and fraud is also growing.
https://hostingtribunal.com/blog/phishing-statistics/

Perhaps we all need to get used to the realities of life, and all sites that are significant to us need to add to our browser favorites. The browser can create several profiles, which can be appointed to different needs. As a result, all sites that are on your bookmarks will be ranked. Using bookmarks is much safer than typing a site in a search engine, where there is a real danger of getting to a phishing site.

libert19

hero member

Activity: 2520

Merit: 952

This is first phishing site where I did not see typo. Scammer did decent work here lmao

TravelMug

hero member

Activity: 2632

Merit: 833

Yes, this is very dangerous site and really needs to be taken down.

The real website is: https://metamask.io/

And what makes this dangerous is that it the name is very close to the real one, so it's easy to be trap on this. I also reported it google's safe browsing. Did anyone notice though after you send the report:

Quote

Report Sent

Thanks for sending a report to Google. Now that you've done your good deed for the day, feel free to:

1. Take a second to rejoice merrily for doing your part in making the web a safer place.

So I do hope that anyone reading this will do a good deed by reporting it so that it will be taken down asap.

Bitcoin_Arena

copper member

Activity: 2114

Merit: 1814

฿itcoin for all, All for ฿itcoin.

Nice catch OP. Isn't this supposed to be in the scam accusations board?
I think that's the place most people search when they are locking for scam or malicious websites.

I have reported the website to google safe browsing. Anybody else interested can do the same - https://safebrowsing.google.com/safebrowsing/report_phish/?hl=e

erikoy

full member

Activity: 686

Merit: 125

Good site. all the spelling is good unless you know the extension then you can say that it is fake.

I think high chances that many will going to fall for it. Imagine the spelling of the site is completely the same with the original wallet site. However, since it all being reported and shared here then i guess some of the members now can be aware. Not all but at least. This is the important of raising awareness so that everbody could not fall for any trap in the likes of the phishing site.

Raflesia

hero member

Activity: 2282

Merit: 560

_""""Duelbits""""_

The Metamask phishing site is increasingly prevalent, not just metamask with other names, the scamer is always made the same as asking to log in with 12 keywords from the wallet so that you can control after entering it, oh god the scamer doesn't get tired if my prayer is granted then turn off the scamer .

This is very appropriate to share on this board because on average here newbie users will know if they want to use metamask so check and be careful before entering their private password.

Mandarava

full member

Activity: 742

Merit: 103

Wow. Someone who is not as attentive and not as knowledgeable in these matters as you are will certainly fall into this trap. As soon as a new wave of interest from users arises in the cryptocurrency space, new tricks immediately arise from hackers. Thanks for posting this.

btc_angela

hero member

Activity: 2660

Merit: 551

I just want to share this, I was looking for a Atomic Wallet (atomicwallet.io) when I got to chance and see a fake metamask.

Code:

https://www.metamaskwallet.io/

Archived: https://archive.is/6g3ur

Quote

Domain Profile
Registrant Org    WhoisGuard, Inc.
Registrant Country    pa
Registrar    NameCheap, Inc
IANA ID: 1068
URL: www.namecheap.com
Whois Server: whois.namecheap.com

(p)
Registrar Status    addPeriod, clientTransferProhibited, serverTransferProhibited
Dates    2 days old
Created on 2020-10-17
Expires on 2021-10-17
Updated on 2020-10-17

IP Address    199.34.228.76 - 22,018 other sites hosted on this server

https://whois.domaintools.com/metamaskwallet.io

https://www.virustotal.com/gui/ip-address/199.34.228.76/detection

Topic: Metamask phishing site (Read 441 times)