Author

Topic: Metamask phishing site (Read 455 times)

hero member
Activity: 2660
Merit: 551
November 16, 2020, 02:03:26 AM
#33
Didn't know that there's a phishing site of Metamask I checked it out and it looks like until now it's still operating. Let's just be careful about this website since until now it can still scam other especially those who are newbies. Nice catch by the way.

Metamask is one of the most targeted phishing attacks by this criminals. It has reached 1 million downloads already or more, so it make sense for this criminals to mimic Metamask and hope that someone will fall for their scheme. So just be careful, and I'm sure there are a lot of phishing websites that hasn't been uncovered. So I will keep this thread updated whenever I found one.
sr. member
Activity: 2604
Merit: 339
Vave.com - Crypto Casino
November 15, 2020, 04:39:26 PM
#32
Didn't know that there's a phishing site of Metamask I checked it out and it looks like until now it's still operating. Let's just be careful about this website since until now it can still scam other especially those who are newbies. Nice catch by the way.

If you've been here on this market or even into those traditional ones then phishing site isnt something new yet scammers do really lurk in the shadows and
trying to mimic out those common sites on where they do know that they can make or steal money from others.This is why lots of them do exist and
expecting for metamask on having this one and even myetherwallet in the past had been created some phishing site even on exchange platforms too.
If you are a type of person who do love to make use of simple google search via keyword then you would most likely be victimized unless if you do know
the real url or even bookmarked then this is mostly been suggested.
hero member
Activity: 1932
Merit: 504
November 15, 2020, 01:57:27 PM
#31
Didn't know that there's a phishing site of Metamask I checked it out and it looks like until now it's still operating. Let's just be careful about this website since until now it can still scam other especially those who are newbies. Nice catch by the way.
sr. member
Activity: 938
Merit: 255
SmartFi - EARN, LEND & TRADE
November 15, 2020, 11:35:32 AM
#30
Phishing websites are always coming up because scammers believes there are people who will really fall for it, and sadly enough it is mostly those who do not have enough information about whatever thing they are doing, that is, a newbie can hardly differentiate a genuine website from the scam one, but those who already knows can identify it.
Thanks for bringing this to the attention of everyone to educate us and keep those who are not knowledgeable enough about metamask safe. Actually, I always find it important to bookmark every Important website i visit all the time, both exchanges and all that, because scammers will always be scammers looking for every slight chance to scam people.
hero member
Activity: 2660
Merit: 551
November 15, 2020, 03:17:58 AM
#29
Here is another metamask phishing sites that needs to be reported:

Code:
http://metabrowser.org/

Archived: https://archive.is/JT5UF



Quote
Registrant Org    WhoisGuard, Inc.
Registrant Country    pa
Registrar    NameCheap, Inc.
IANA ID: 1068
URL: http://www.namecheap.com
Whois Server: whois.namecheap.com

(p)
Registrar Status    addPeriod, serverTransferProhibited
Dates    3 days old
Created on 2020-11-12
Expires on 2021-11-12
Updated on 2020-11-12    

  
Name Servers    CLAYTON.NS.CLOUDFLARE.COM (has 18,643,619 domains)
MARLOWE.NS.CLOUDFLARE.COM (has 18,643,619 domains)
   
  
Tech Contact    —
IP Address    104.27.183.15 - 3 other sites hosted on this server
hero member
Activity: 2842
Merit: 772
November 09, 2020, 06:26:29 PM
#28
I don't know though how long will Google will take down the first site that I have found, it seems it is still index by them.
I am also wondering why it takes google so long to mark the website as phishing and yet it's an obvious case that doesn't require a lot of investigation. I also reported some links but nothing has been done. The only positive outcome so far is that metamask is a little quicker at including the domains in their scam database and displaying phishing warnings.


We may say that Google doesn't give a shit on those fake and phishing sites that has been reported to them. They have all the manpower and resources to do the review once it is reported and can take it down in less than 24-48 hours. But it has been days already since it has been reported to them and up to now they didn't do anything.

They should at least prioritised crypto related reports because scammers are making easy money specially from a lot of newbies. And now that the price of bitcoin is going up and Google trends regarding bitcoin is on a spike, it's possible that there could be individuals who can fall for this scheme.
member
Activity: 952
Merit: 27
November 09, 2020, 06:20:37 PM
#27
We should also report it to their host on this one NameCheap, Google is not very quick to take action, this is a clear violation of Namecheap TOS

How and where can I file abuse complaints?

Complain form
Submit a ticket
copper member
Activity: 2128
Merit: 1814
฿itcoin for all, All for ฿itcoin.
November 09, 2020, 04:55:06 PM
#26
I don't know though how long will Google will take down the first site that I have found, it seems it is still index by them.
I am also wondering why it takes google so long to mark the website as phishing and yet it's an obvious case that doesn't require a lot of investigation. I also reported some links but nothing has been done. The only positive outcome so far is that metamask is a little quicker at including the domains in their scam database and displaying phishing warnings.

hero member
Activity: 2660
Merit: 551
November 09, 2020, 03:48:21 AM
#25
Another one:

Code:
https://www.metaswap.dev/

Now it combine Metamask + keyword Swap, very clever trick by these criminals:



Archived: https://archive.is/HSGph

Quote
Registrant    REDACTED FOR PRIVACY
Registrant Org    WhoisGuard, Inc.
Registrant Country    pa
Registrar    Namecheap Inc.
IANA ID: 1068
URL: https://www.namecheap.com/
Whois Server: whois.namecheap.com

(p)
Registrar Status    clientTransferProhibited
Dates    6 days old
Created on 2020-11-03
Expires on 2021-11-03
Updated on 2020-11-08    
 
Name Servers    DNS1.REGISTRAR-SERVERS.COM (has 6,723,497 domains)
DNS2.REGISTRAR-SERVERS.COM (has 6,723,497 domains)
   
 
Tech Contact    REDACTED FOR PRIVACY
REDACTED FOR PRIVACY,
REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY
IP Address    199.34.228.78 - 23,435 other sites hosted on this server

I don't know though how long will Google will take down the first site that I have found, it seems it is still index by them.
member
Activity: 919
Merit: 19
Do it For Better Humanity (Bitget trader)
November 07, 2020, 02:37:14 PM
#24
Another of the Metamask phishing site, but this one, it's very simply, Lol, and it's not as clean as the other fake sites. Maybe the scammers get's sloppy and in a hurry to release it.

Code:
https://metamask.org-swap.app/

Archived: https://archive.is/yXZ0s



Quote
Registrar    Namecheap Inc.
IANA ID: 1068
URL: https://www.namecheap.com/
Whois Server: whois.namecheap.com

(p)
Registrar Status    addPeriod, clientTransferProhibited
Dates    1 days old
Created on 2020-11-01
Expires on 2021-11-01
Updated on 2020-11-01    
 
Name Servers    DNS1.NAMECHEAPHOSTING.COM (has 953,454 domains)
DNS2.NAMECHEAPHOSTING.COM (has 953,454 domains)
   
 
Tech Contact    REDACTED FOR PRIVACY
REDACTED FOR PRIVACY,
REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY
IP Address    162.0.235.242 - 121 other sites hosted on this server

Phishing sites are now many now.. I one saw a Phishing metamask on chrome store last year  but I think it has been removed.
This one is even asking for seed phrase password
legendary
Activity: 2366
Merit: 1084
zknodes.org
November 07, 2020, 12:29:41 PM
#23
In 2019 I have also found a type of Metamask wallet phishing in the form of a chrome addon that was added by scammers and many have downloaded it. This is quite unsettling and finally reported and then blocked. and at this time phishing websites similar to metamask have also appeared. Traps like this are very dangerous and will steal all of our assets if you enter your private key. Phishing methods are growing. We are required to continue to be aware of phishing methods like this.

We can only report if we find a phishing website or application that will be harmful to everyone.
hero member
Activity: 1806
Merit: 672
November 04, 2020, 05:21:31 AM
#22
Probably the best thing we can do collectively, is to put pressure on Google by reporting it multiple times so that they will take actions. And big thanks for those who have reported it already!!

I don't know if this is effective since based from what I have seen in the past Google isn't reliable when it comes to taking down things. I remembered people who have complained for days in Google's Playstore when they have downloaded the xHelper adware that plague their devices yet they still see the app available for download even if it had gotten 1 star ratings and negative reviews. In Youtube you will see some hacked channels that were turned into Fake Crypto Giveaway streaming sites to have not been recovered by the true owner. These are just some of the sample cases under Google where they have not responded exactly what you are expecting them to do.
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
November 04, 2020, 03:53:31 AM
#21
I already reported the site the second time around. I don't know what the hell is Google waiting for.

Everyone should have a consensus effort to report every website we have seen being reported here on in the Scam Accusations board. I also do give some scam alert from time to time if I saw one in discord or telegram. For us, who have been here long enough, we can spot the fake site, but there could be beginners who might still fall for this scheme.

Many have reported this phishing site to Google, but now after I access it with the Chrome browser I can't access it again, it means that Google has followed up on this quickly so that no one can access it again after everything has been published.

But still at Mozilla this site can still be accessed so I think there are still victims who will be trapped in this hole, damn, I hope there is no second hole.

btc_angela I really appreciate your work finding this site and informing the newbie who is here.
hero member
Activity: 2660
Merit: 551
November 03, 2020, 09:35:23 PM
#20
Probably the best thing we can do collectively, is to put pressure on Google by reporting it multiple times so that they will take actions. And big thanks for those who have reported it already!!
hero member
Activity: 2632
Merit: 833
November 03, 2020, 08:13:25 PM
#19
I already reported the site the second time around. I don't know what the hell is Google waiting for.

Everyone should have a consensus effort to report every website we have seen being reported here on in the Scam Accusations board. I also do give some scam alert from time to time if I saw one in discord or telegram. For us, who have been here long enough, we can spot the fake site, but there could be beginners who might still fall for this scheme.
legendary
Activity: 3346
Merit: 3130
November 03, 2020, 08:06:33 PM
#18
Stealing mnemonic phrases looks like is becoming one of the favorite ways for hackers, this kind of attack applies not only for bitcoin, the other altcoins are getting affected. Is easy for the hackers to start a new site and if a user baits then the hacker will be able to pay for tons of new sites and new domains, they even use google ads for let the fake sites get on the first results of the browser. So, we must be careful. And stop trusting in the search engines because looks like they give zero fucks.
hero member
Activity: 2156
Merit: 670
Hire Bitcointalk Camp. Manager @ r7promotions.com
November 03, 2020, 06:53:36 PM
#17
Code:
https://www.metamaskwallet.io/
It is still active now, let's report more this pishing site to shut down this and avoid more people tobe victims.
It is not the first time we find the fake metamask site, there were are several fake and pishing metamask sites and also application.
However, seeing the menu of this metamask, it is quite funny where we must log in to that site directly.  Grin Grin
The site is really different from the original one.
However, of course, we must be more and more careful. For people who do not know about it, it should be like the same moreover they also enclosure the team (although if clicked, it is the only images) LOL

2. Fake hyperlink
Every hyperlink that is given in that site doesn't direct to what it should be, like GitHub, GitCoin, Contact Ust, and many more. All hyperlinks will be redirected to https://t.me/MetaMaskGroup. You can check them all, they are all fake
You're right, they only provide one hyperlink and that is also fake, not real. I tried to join the group and it is not available.
full member
Activity: 686
Merit: 125
November 03, 2020, 06:01:34 PM
#16
Fake sites or phishing sites is rampant everywhere because there is a tool that can make a sophisticated site that even a newbie could do. The tool was sold in the black market for only 1000 $ and this is why I think the reason why there are so many fake sites we had today. Anyway, fake or phiahing sites are not only targeting cryptocurrency but other financial sectors also like online banking or spending money through online transactions.
member
Activity: 560
Merit: 14
November 03, 2020, 10:49:48 AM
#15
This is very terrible. We ain't safer in crypto space again. Each day scammers are developing a different strategy to dupe people of their funds.
It will be all reasonable we report this metamask phishing site asap.
Thanks for letting us know about this phishing site
member
Activity: 753
Merit: 15
mulierum.com
November 03, 2020, 09:19:58 AM
#14
I just want to share this, I was looking for a Atomic Wallet (atomicwallet.io) when I got to chance and see a fake metamask.

Code:
https://www.metamaskwallet.io/
Wow, this site really looks convincing. See the difference with the original, namely the URL link must be https://metamask.io/

And until now, it is still on Google search, not shutting down yet, already make a report to Google, hopefully, the site is shut down quickly.

Well, after I opened the site, there is likely a convincing display and everything is like the Metamask.
But, actually, there are some striking differences and they are very suspicious.

Let's see these:

1. There is no link download application of metamask
We can find the download button at the bottom of the site, but when we click it, it will direct to the telegram group https://t.me/MetaMaskGroup.

2. Fake hyperlink
Every hyperlink that is given in that site doesn't direct to what it should be, like GitHub, GitCoin, Contact Ust, and many more. All hyperlinks will be redirected to https://t.me/MetaMaskGroup. You can check them all, they are all fake

3. Fake Telegram group
When we click the telegram group we can find the group, so it is only the URL link without the existing group. I also put the username in my telegram but I found nothing/no one.

4. Almost the same team display ( but only photo)
If we check on the team menu, there are only the displays of the team photos, but no descriptions like what is on the official site.

And I am sure there are still many differences like the Login menu and more others.

So here, just be careful about this phishing.

hero member
Activity: 2660
Merit: 551
November 02, 2020, 11:15:33 PM
#13
Another of the Metamask phishing site, but this one, it's very simply, Lol, and it's not as clean as the other fake sites. Maybe the scammers get's sloppy and in a hurry to release it.

Code:
https://metamask.org-swap.app/ 

Archived: https://archive.is/yXZ0s



Quote
Registrar    Namecheap Inc.
IANA ID: 1068
URL: https://www.namecheap.com/
Whois Server: whois.namecheap.com

(p)
Registrar Status    addPeriod, clientTransferProhibited
Dates    1 days old
Created on 2020-11-01
Expires on 2021-11-01
Updated on 2020-11-01    
 
Name Servers    DNS1.NAMECHEAPHOSTING.COM (has 953,454 domains)
DNS2.NAMECHEAPHOSTING.COM (has 953,454 domains)
   
 
Tech Contact    REDACTED FOR PRIVACY
REDACTED FOR PRIVACY,
REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY
IP Address    162.0.235.242 - 121 other sites hosted on this server
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
October 20, 2020, 04:09:16 AM
#12
This should be shared to all those who are going to use metamask to avoid getting phished by these scammers. Even bookmarking the real sites could lead you to trouble too even the copy paste system where a malware hacks your clipboard. Instead of pasting the original site or link but it will paste the fake one same as the address.
member
Activity: 868
Merit: 15
October 20, 2020, 03:11:51 AM
#11
This is great news and strategy for newcomers the number of counterfeits is increasing due to the increasing demand for crypto it will keep various websites safe while using them and is a new strategy to avoid hackers. Fraudsters use this method to steal information from people by setting up a well-established website phishing is usually done via email and instant messaging fraudsters also deceive their victims and take them to their websites the website mimics the look of the original website of the concerned user's email bank or credit card.
hero member
Activity: 2156
Merit: 803
Top Crypto Casino
October 20, 2020, 03:06:55 AM
#10
If you are not at all attentive you will easily fall for this clone website. Metamask has been subjected to numerous scams using clone website or apps in the past. I once in the past thought that Metamask has a mobile app untill someone pointed out that it does not in this forum.

Beware of such scams and always check this board if you want to stay updated for the latest scams.
hero member
Activity: 2660
Merit: 551
October 20, 2020, 01:14:22 AM
#9
Nice catch OP. Isn't this supposed to be in the scam accusations board?
I think that's the place most people search when they are locking for scam or malicious websites.

I have reported the website to google safe browsing. Anybody else interested can do the same - https://safebrowsing.google.com/safebrowsing/report_phish/?hl=e

Thanks for reporting it, however, I felt it's appropriate to post it here as newbies never frequented scam accusations board until they themselves got scammed already.

@libert19 - yes not typo whatsoever, that's why this trick is very dangerous, plus the *.io extension, it will really look credible to a newbie or beginner.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
October 20, 2020, 01:11:45 AM
#8
From the latest statistics, the number of phishing sites skyrocketed in 2020. This is due to general home quarantine. The number of Internet services is increasing every day, and fraud is also growing.
https://hostingtribunal.com/blog/phishing-statistics/

Perhaps we all need to get used to the realities of life, and all sites that are significant to us need to add to our browser favorites. The browser can create several profiles, which can be appointed to different needs. As a result, all sites that are on your bookmarks will be ranked. Using bookmarks is much safer than typing a site in a search engine, where there is a real danger of getting to a phishing site.
hero member
Activity: 2520
Merit: 952
October 19, 2020, 10:41:16 PM
#7
This is first phishing site where I did not see typo. Scammer did decent work here lmao
hero member
Activity: 2632
Merit: 833
October 19, 2020, 09:02:19 PM
#6
Yes, this is very dangerous site and really needs to be taken down.

The real website is: https://metamask.io/

And what makes this dangerous is that it the name is very close to the real one, so it's easy to be trap on this. I also reported it google's safe browsing. Did anyone notice though after you send the report:



Quote
Report Sent

Thanks for sending a report to Google. Now that you've done your good deed for the day, feel free to:

1. Take a second to rejoice merrily for doing your part in making the web a safer place.

So I do hope that anyone reading this will do a good deed by reporting it so that it will be taken down asap.
copper member
Activity: 2128
Merit: 1814
฿itcoin for all, All for ฿itcoin.
October 19, 2020, 05:22:02 PM
#5
Nice catch OP. Isn't this supposed to be in the scam accusations board?
I think that's the place most people search when they are locking for scam or malicious websites.

I have reported the website to google safe browsing. Anybody else interested can do the same - https://safebrowsing.google.com/safebrowsing/report_phish/?hl=e
full member
Activity: 686
Merit: 125
October 19, 2020, 04:57:56 PM
#4
Good site. all the spelling is good unless you know the extension then you can say that it is fake.

I think high chances that many will going to fall for it. Imagine the spelling of the site is completely the same with the original wallet site. However, since it all being reported and shared here then i guess some of the members now can be aware. Not all but at least. This is the important of raising awareness so that everbody could  not fall for any trap in the likes of the phishing site.
hero member
Activity: 2282
Merit: 560
_""""Duelbits""""_
October 19, 2020, 11:51:50 AM
#3
The Metamask phishing site is increasingly prevalent, not just metamask with other names, the scamer is always made the same as asking to log in with 12 keywords from the wallet so that you can control after entering it, oh god the scamer doesn't get tired if my prayer is granted then turn off the scamer .

This is very appropriate to share on this board because on average here newbie users will know if they want to use metamask so check and be careful before entering their private password.
full member
Activity: 742
Merit: 103
October 19, 2020, 11:21:02 AM
#2
Wow. Someone who is not as attentive and not as knowledgeable in these matters as you are will certainly fall into this trap. As soon as a new wave of interest from users arises in the cryptocurrency space, new tricks immediately arise from hackers. Thanks for posting this.
hero member
Activity: 2660
Merit: 551
October 19, 2020, 10:48:34 AM
#1
I just want to share this, I was looking for a Atomic Wallet (atomicwallet.io) when I got to chance and see a fake metamask.

Code:
https://www.metamaskwallet.io/

Archived: https://archive.is/6g3ur



Quote
Domain Profile
Registrant Org    WhoisGuard, Inc.
Registrant Country    pa
Registrar    NameCheap, Inc
IANA ID: 1068
URL: www.namecheap.com
Whois Server: whois.namecheap.com

(p)
Registrar Status    addPeriod, clientTransferProhibited, serverTransferProhibited
Dates    2 days old
Created on 2020-10-17
Expires on 2021-10-17
Updated on 2020-10-17


IP Address    199.34.228.76 - 22,018 other sites hosted on this server

https://whois.domaintools.com/metamaskwallet.io



https://www.virustotal.com/gui/ip-address/199.34.228.76/detection
Jump to: