Topic: Scam targeting Metamask wallet user's (Read 257 times)

Scammers seem to keep finding new ways to scam other people. I received this just yesterday and I've got to admit that it looks pretty realistic.

The sender appears to be Binance, but ultimately if you click for more information, you'll see that it has nothing to do with Binance whatsoever. It's also interesting to mention that the email wasn't directly sent to spam, but remained in the inbox folder. From the looks of it, it seems to attempt to steal information by luring you to connect your DEX wallet (Metamask, Trustwallet etc.). It's easy to claim that there are quite a few phishing attempts targeting cryptocurrency users, and scammers will keep finding new ways in order to succeed.

One thing I know for sure is that once you have an application stored or already installed in your phone, when ever the application is outdated or a new version is available, one you open the application, the update notice pops up immediately for your actions of updating it or you get a notification on your phone based on your settings but sending random messages to people is what I do not get. I still know some people would fall for this scam so easily as they have no knowledge about how it works.
OP you did well by calling the attention of members here to seeing this mail you received. It would help a long way to calling to the consciousness of members here to look out for such mail and quickly delete it from their nox so as not to get scammed.

Losing assets from your Metamask wallet just like that without a trace of what actually happened to the wallet might be a result of a phishing attack, or there might have been leakage somewhere that you were not aware of. Because I have not heard of a Metamask wallet being compromised without the user actually being the one who might have divulged the wallet's private information to scammers.
If no, then this is another useful piece of information for everyone to start avoiding it.

Somehow I've been away from Metamask wallet for quite some time, since then strange things have been happening, I suspect scammers are roaming there, ehh it's true, I've been using Metamask wallet for almost a year at that time and I've done some activities there, somehow my crypto asset disappeared by itself in minutes, since that incident i decided to unsubscribe with Metamask/closure.

I feel insecure dealing with Metamask wallets, until now, my prediction is correct that wallets are the target of scammers, this is really bad.

---

Everything you said is true, precisely for the time of that incident, i have updated and replaced all my devices for future safety, i really avoid to use Metamask wallet, ever.

Totally agree with you; currently, there is nothing that can't be sold or gotten from the market; even our social media data and places where we might think our data is secured and safe, those personal details are to some extent still sold out to third parties. And there are also lots of tools out there that extract mail from a user's profile without the user's knowledge. That's why it's advisable for us to always use one mail for one site and avoid having unexpected mail go into the ignore list.

Unfortunately, Metamask is not the only wallet that scammers send such messages to its users to upgrade their wallets. I previously found the same message, but for the application of the Trust wallet, Binance, and MEXC platforms, and they put a malicious link containing a fake application in order to be downloaded by the recipients of the messages and users of the platforms, so the first step is to know what the message was real or fake is to look at the official email of the sender, the domain link that these scammers sent, and the tweets and announcements of the wallet or the exchange platform on their official websites or social media. And I advise you to use a "Custom email" for the public and a custom email for your financial accounts; also, do not open any links in the message sent to you and do not download any application from the mail or any PDF, and finally make your trust zero in incoming mail messages so that you do not regret!

I think the best solution is that our main email should be different from contact email. generally we use one mail for all purpose which is not good option. i created one email for Binance only and did not share with anybody because most of my fund are there for trading purpose. I using one mail for airdrops and from this mail i Recieving daily spam mails and i don't caring of them.

Creating a new account will not solve the problem, but rather that you do not share your email address publicly, or at least with trusted parties only.
These users collect thousands of data from several sources, and therefore you should be careful in publishing an email and not clicking random links.

I have some emails that have been leaked so I keep receiving spam and phishing links I just report it as spam so it will not go directly to my main folder it's no use changing my email because this is where I receive my communication.
I just knew that if the email is unfamiliar to me it should be ignored and it should report spam so if they happen to use the same email to send another one it will automatically drop in the spam folder to be deleted within 30 days.

I will never be tempted to open these emails because we all know how good scammers are at making interesting headers in their emails.

I just want to suggest labeling email accounts that should be considered "leaky" after receiving this kind of email, maybe we've shared emails to public places in the past due to lack of privacy awareness back then.
If your "leaked" email is used for a service account that is actively used such as an exchange, it would be better to change it with fresh new emails and only dedicated to that service.

When we share our contact information on a website, they sell that information to criminals, or hackers steal user information from those websites. Anything can happen to crypto users online with a little carelessness, so it's important to be vigilant to stay safe. Because scammers are constantly advancing and changing their data collection techniques. I have already exposed a trick of the scammers. https://bitcointalksearch.org/topic/m.62074664

Scammers have done and still do a lot of scams using Google ads. Through the use of advertising, they bring fake websites to the top of search results that easily trap inexperienced crypto users. However, scammers use a different strategy by collecting emails, scammers use Google ads to promote phishing websites.

These scammers using different strategies to cheat people. These cyber criminals emails are old way of stealing phrase/private key. I was also recieved similar type of messages about Binance app update and when i checked, it was phising app. as for as Metamask then almost every user know that Metamask has no connection with sending email for update etc but in case of Binance or any Cex exchange one can be cheated. I created thread months ago on this. BINANCE APP Reinstall warning


Email is just one way of scamming and that not end here. They uses lot of other sources to get users data. The most dangerous one is google promotion. when you search in google about Metamask (usually we search for installing Extension), the first page will be scam website which is complete phising site of original one. when you download the extension, they will ask for key. so we should be careful and should learn new way of hacking/scamming and then try our best for our fund safety

Most of these criminals spreading fake alerts got our email on airdrops or any other platform turn scams we participate before. Right now we can see the effect if we are not careful on sending out emails everywhere since we might receive more emails like this. They target metamask users because they know that maybe some other users might bite the trap they set and to bad for a person if no verification will be done since most of them will be the favorite victim by these hackers or scammers.

Those who send these emails are cybercriminals, your email address may have been stolen from somewhere and they are now sending such fake emails. Metamask does not collect their users' email addresses, so scammers are sending these emails targeting crypto users.

Because they know that a large part of crypto users use metamask, and this random email can bring them the expected results. Therefore, crypto users should verify the source of the email before clicking on any link included in the email.

Exactly, there is no email provided when we created a Metamask wallet.

So the question, is how did the OP get the email from the criminals? the only logical answer is that his emails might have been leaked. So just be careful not just to the OP but for those who got this kind of emails though. This is an old trick but for sure maybe there could still be someone who are going to fall for this trick.

I have read it carefully before posting the reply and that was my response in such situation. I also never mentioned that it was you who said Metamask requires e-mail for creating wallet, but it is my way of replying to a question. My whole reply was to show that how those malicious hackers are using the name of Metamask to create panic in the mind of the users in order to steal their secret key. I think they might sent such mail to a list of users not only you, and many of those users might have shared their secret keys on that site of the malicious actors. You were technically good and were aware of such things so you protected yourself from their trap, and shared the thing with the users to promote awareness regarding such scams.



Well, you have taken the right step by creating a new e-mail account for yourself. However, there are some users who basically register with their single e-mail account on many websites and in that case the better option is to just block those senders and even if they try sending you the mail from multiple accounts, it's better to block all of those accounts. I personally use my main e-mail to register on many sites and I have seen such e-mails many times, I blocked most of the senders who sent such e-mails and now there aren't any such mails coming on my e-mail account. I would also say that if someone can create a new account then that's the best solution to get rid of such fraudsters, but if it's not possible for a person to change the e-mail account then the best option is to block the sender or senders if they are using more than one account for sending such mails.

If you read the OP correctly, you will understand that it's an already-known fact. I never said Metamask requires email to create a wallet; in fact, there are never any personal details needed for you to have a Metamask wallet. It's just a question directed at the scammer's way of thinking: do they actually think anyone who is familiar with how the system works will fall victim to such an easily identifiable scam?



Blocking the sender's email is not actually the real solution to this; it will only restrict the sender from sending you mail from that mail box, but other mails can still be created. Aside from that, you never know where they got your email from, so the best solution is either to ignore the mail completely or to create a new email, which is what I have done since the mail is not even associated with any of my important stuff online.

That message is not from Metamask and in fact Metamask doesn't send its users any emails for their accounts. When someone creates a Metamask account the user only have to create a secure password and then they will get 12 seed words secret key that they have to hide from others.

In the whole process there isn't any involvement of e-mail and the fearful thing is that the impostors are trying to show that they are Metamask team and they're trying to create fear in the minds of users so a user may click the provided link and enter his/her details in order to secure their wallet account.

That's a phishing a attack and in this case someone with malicious intent has got your e-mail address and is now trying to get it compromised with the help of social engineering attacks. The best way to avoid such e-mails is to block the sender and do nothing else to be on the safe side. I recommend you to never click such link because they might have access to some vulnerabilities of your Operating system or other applications that when altered could grant them permissions manipulate your device with code execution.

Phising is the most common way to scam anyone. If you are getting such email then block them as after opening this mail you will get bombarded with more. There is technique by which a scammers gets a message whenever someone opens the mail. You might also receive. I have been recieving such mails for sometime now. What I generally do is block them and next time the scammer sends me any mail it automatically goes to my spam box.  

As you have recieved such an email visit thsi website Have I been pwned to find out whether you email address has been breached.  

metamask collects some data about you, for example, but not limited to your IP addresses and all your wallet addresses. I would like to quote their data from their site, but I cannot access the page (I do not know if they have restrictions on Tor, or if the problem is from my browser)

Although I do not trust this source -----> https://w3academy.io/metamask-collecting-your-data-what-you-need-to-know/, I quoted from it.


someone may be able to purchase your data from several sources, and then he will have information such as your addresses, your IP addresses, and your personal details such as your email address. All he will need is to prepare a message for you, for example, $ 500 has been withdrawn from your wallet with XXX address, and you need to update your wallet With an email that is very similar to the official email.