Author

Topic: Scam targeting Metamask wallet user's (Read 317 times)

hero member
Activity: 1680
Merit: 845
June 15, 2023, 06:42:13 PM
#27
Scammers seem to keep finding new ways to scam other people. I received this just yesterday and I've got to admit that it looks pretty realistic.

The sender appears to be Binance, but ultimately if you click for more information, you'll see that it has nothing to do with Binance whatsoever. It's also interesting to mention that the email wasn't directly sent to spam, but remained in the inbox folder. From the looks of it, it seems to attempt to steal information by luring you to connect your DEX wallet (Metamask, Trustwallet etc.). It's easy to claim that there are quite a few phishing attempts targeting cryptocurrency users, and scammers will keep finding new ways in order to succeed.
sr. member
Activity: 728
Merit: 421
June 15, 2023, 03:18:38 PM
#26
One thing I know for sure is that once you have an application stored or already installed in your phone, when ever the application is outdated or a new version is available, one you open the application, the update notice pops up immediately for your actions of updating it or you get a notification on your phone based on your settings but sending random messages to people is what I do not get. I still know some people would fall for this scam so easily as they have no knowledge about how it works.
OP you did well by calling the attention of members here to seeing this mail you received. It would help a long way to calling to the consciousness of members here to look out for such mail and quickly delete it from their nox so as not to get scammed.
hero member
Activity: 700
Merit: 673
June 15, 2023, 11:39:48 AM
#25
Somehow I've been away from Metamask wallet for quite some time, since then strange things have been happening, I suspect scammers are roaming there, ehh it's true, I've been using Metamask wallet for almost a year at that time and I've done some activities there, somehow my crypto asset disappeared by itself in minutes, since that incident i decided to unsubscribe with Metamask/closure.

I feel insecure dealing with Metamask wallets, until now, my prediction is correct that wallets are the target of scammers, this is really bad.


Losing assets from your Metamask wallet just like that without a trace of what actually happened to the wallet might be a result of a phishing attack, or there might have been leakage somewhere that you were not aware of. Because I have not heard of a Metamask wallet being compromised without the user actually being the one who might have divulged the wallet's private information to scammers.
If no, then this is another useful piece of information for everyone to start avoiding it.
legendary
Activity: 2128
Merit: 1775
June 15, 2023, 08:35:29 AM
#24
I just got a message from some scammer claiming to be Metamask with the statement that my Metamask wallet needs an upgrade.
Somehow I've been away from Metamask wallet for quite some time, since then strange things have been happening, I suspect scammers are roaming there, ehh it's true, I've been using Metamask wallet for almost a year at that time and I've done some activities there, somehow my crypto asset disappeared by itself in minutes, since that incident i decided to unsubscribe with Metamask/closure.

I feel insecure dealing with Metamask wallets, until now, my prediction is correct that wallets are the target of scammers, this is really bad.




Everything you said is true, precisely for the time of that incident, i have updated and replaced all my devices for future safety, i really avoid to use Metamask wallet, ever.
hero member
Activity: 700
Merit: 673
June 13, 2023, 06:53:26 PM
#23
Aside from that, you never know where they got your email from, so the best solution is either to ignore the mail completely or to create a new email, which is what I have done since the mail is not even associated with any of my important stuff online.

Creating a new account will not solve the problem, but rather that you do not share your email address publicly, or at least with trusted parties only.
These users collect thousands of data from several sources, and therefore you should be careful in publishing an email and not clicking random links.

Totally agree with you; currently, there is nothing that can't be sold or gotten from the market; even our social media data and places where we might think our data is secured and safe, those personal details are to some extent still sold out to third parties. And there are also lots of tools out there that extract mail from a user's profile without the user's knowledge. That's why it's advisable for us to always use one mail for one site and avoid having unexpected mail go into the ignore list.
legendary
Activity: 1890
Merit: 1537
June 13, 2023, 05:38:09 PM
#22
I just got a message from some scammer claiming to be Metamask with the statement that my Metamask wallet needs an upgrade.
Unfortunately, Metamask is not the only wallet that scammers send such messages to its users to upgrade their wallets. I previously found the same message, but for the application of the Trust wallet, Binance, and MEXC platforms, and they put a malicious link containing a fake application in order to be downloaded by the recipients of the messages and users of the platforms, so the first step is to know what the message was real or fake is to look at the official email of the sender, the domain link that these scammers sent, and the tweets and announcements of the wallet or the exchange platform on their official websites or social media. And I advise you to use a "Custom email" for the public and a custom email for your financial accounts; also, do not open any links in the message sent to you and do not download any application from the mail or any PDF, and finally make your trust zero in incoming mail messages so that you do not regret!
hero member
Activity: 812
Merit: 619
June 13, 2023, 12:55:17 PM
#21

Creating a new account will not solve the problem, but rather that you do not share your email address publicly, or at least with trusted parties only.
These users collect thousands of data from several sources, and therefore you should be careful in publishing an email and not clicking random links.

I think the best solution is that our main email should be different from contact email. generally we use one mail for all purpose which is not good option. i created one email for Binance only and did not share with anybody because most of my fund are there for trading purpose. I using one mail for airdrops and from this mail i Recieving daily spam mails and i don't caring of them.
legendary
Activity: 2702
Merit: 4002
June 12, 2023, 01:34:58 PM
#20
Aside from that, you never know where they got your email from, so the best solution is either to ignore the mail completely or to create a new email, which is what I have done since the mail is not even associated with any of my important stuff online.

Creating a new account will not solve the problem, but rather that you do not share your email address publicly, or at least with trusted parties only.
These users collect thousands of data from several sources, and therefore you should be careful in publishing an email and not clicking random links.
hero member
Activity: 2996
Merit: 598
Leading Crypto Sports Betting & Casino Platform
June 12, 2023, 05:06:59 AM
#19
I just want to suggest labeling email accounts that should be considered "leaky" after receiving this kind of email, maybe we've shared emails to public places in the past due to lack of privacy awareness back then.
If your "leaked" email is used for a service account that is actively used such as an exchange, it would be better to change it with fresh new emails and only dedicated to that service.

I have some emails that have been leaked so I keep receiving spam and phishing links I just report it as spam so it will not go directly to my main folder it's no use changing my email because this is where I receive my communication.
I just knew that if the email is unfamiliar to me it should be ignored and it should report spam so if they happen to use the same email to send another one it will automatically drop in the spam folder to be deleted within 30 days.

I will never be tempted to open these emails because we all know how good scammers are at making interesting headers in their emails.
hero member
Activity: 1778
Merit: 709
[Nope]No hype delivers more than hope
June 11, 2023, 08:16:51 PM
#18
I just want to suggest labeling email accounts that should be considered "leaky" after receiving this kind of email, maybe we've shared emails to public places in the past due to lack of privacy awareness back then.
If your "leaked" email is used for a service account that is actively used such as an exchange, it would be better to change it with fresh new emails and only dedicated to that service.
hero member
Activity: 1876
Merit: 721
Top Crypto Casino
June 11, 2023, 01:00:05 PM
#17
Most of these criminals spreading fake alerts got our email on airdrops or any other platform turn scams we participate before. Right now we can see the effect if we are not careful on sending out emails everywhere since we might receive more emails like this. They target metamask users because they know that maybe some other users might bite the trap they set and to bad for a person if no verification will be done since most of them will be the favorite victim by these hackers or scammers.
When we share our contact information on a website, they sell that information to criminals, or hackers steal user information from those websites. Anything can happen to crypto users online with a little carelessness, so it's important to be vigilant to stay safe. Because scammers are constantly advancing and changing their data collection techniques. I have already exposed a trick of the scammers. https://bitcointalksearch.org/topic/m.62074664

Email is just one way of scamming and that not end here. They uses lot of other sources to get users data. The most dangerous one is google promotion. when you search in google about Metamask (usually we search for installing Extension), the first page will be scam website which is complete phising site of original one. when you download the extension, they will ask for key. so we should be careful and should learn new way of hacking/scamming and then try our best for our fund safety
Scammers have done and still do a lot of scams using Google ads. Through the use of advertising, they bring fake websites to the top of search results that easily trap inexperienced crypto users. However, scammers use a different strategy by collecting emails, scammers use Google ads to promote phishing websites.
hero member
Activity: 812
Merit: 619
June 11, 2023, 10:02:38 AM
#16
Those who send these emails are cybercriminals, your email address may have been stolen from somewhere and they are now sending such fake emails. Metamask does not collect their users' email addresses, so scammers are sending these emails targeting crypto users.

These scammers using different strategies to cheat people. These cyber criminals emails are old way of stealing phrase/private key. I was also recieved similar type of messages about Binance app update and when i checked, it was phising app. as for as Metamask then almost every user know that Metamask has no connection with sending email for update etc but in case of Binance or any Cex exchange one can be cheated. I created thread months ago on this. BINANCE APP Reinstall warning

Because they know that a large part of crypto users use metamask, and this random email can bring them the expected results. Therefore, crypto users should verify the source of the email before clicking on any link included in the email.

Email is just one way of scamming and that not end here. They uses lot of other sources to get users data. The most dangerous one is google promotion. when you search in google about Metamask (usually we search for installing Extension), the first page will be scam website which is complete phising site of original one. when you download the extension, they will ask for key. so we should be careful and should learn new way of hacking/scamming and then try our best for our fund safety
hero member
Activity: 2520
Merit: 783
June 11, 2023, 09:50:51 AM
#15
Those who send these emails are cybercriminals, your email address may have been stolen from somewhere and they are now sending such fake emails. Metamask does not collect their users' email addresses, so scammers are sending these emails targeting crypto users.

Because they know that a large part of crypto users use metamask, and this random email can bring them the expected results. Therefore, crypto users should verify the source of the email before clicking on any link included in the email.

Most of these criminals spreading fake alerts got our email on airdrops or any other platform turn scams we participate before. Right now we can see the effect if we are not careful on sending out emails everywhere since we might receive more emails like this. They target metamask users because they know that maybe some other users might bite the trap they set and to bad for a person if no verification will be done since most of them will be the favorite victim by these hackers or scammers.
hero member
Activity: 1876
Merit: 721
Top Crypto Casino
June 10, 2023, 01:16:30 PM
#14
Those who send these emails are cybercriminals, your email address may have been stolen from somewhere and they are now sending such fake emails. Metamask does not collect their users' email addresses, so scammers are sending these emails targeting crypto users.

Because they know that a large part of crypto users use metamask, and this random email can bring them the expected results. Therefore, crypto users should verify the source of the email before clicking on any link included in the email.
legendary
Activity: 2576
Merit: 1655
June 10, 2023, 10:33:24 AM
#13
As far as I know, you don't need to provide your email address or any other personal information to create a wallet with metamask. Therefore, this is without any doubt a phishing email. The real question is: where dud those scammers got your email address from? You said you received the same message on two different addresses, so you need to check what you have done wrong!
Anyway, thank you for the warning.

Exactly, there is no email provided when we created a Metamask wallet.

So the question, is how did the OP get the email from the criminals? the only logical answer is that his emails might have been leaked. So just be careful not just to the OP but for those who got this kind of emails though. This is an old trick but for sure maybe there could still be someone who are going to fall for this trick.
hero member
Activity: 784
Merit: 672
Top Crypto Casino
June 10, 2023, 10:18:49 AM
#12

If you read the OP correctly, you will understand that it's an already-known fact. I never said Metamask requires email to create a wallet; in fact, there are never any personal details needed for you to have a Metamask wallet. It's just a question directed at the scammer's way of thinking: do they actually think anyone who is familiar with how the system works will fall victim to such an easily identifiable scam?

I have read it carefully before posting the reply and that was my response in such situation. I also never mentioned that it was you who said Metamask requires e-mail for creating wallet, but it is my way of replying to a question. My whole reply was to show that how those malicious hackers are using the name of Metamask to create panic in the mind of the users in order to steal their secret key. I think they might sent such mail to a list of users not only you, and many of those users might have shared their secret keys on that site of the malicious actors. You were technically good and were aware of such things so you protected yourself from their trap, and shared the thing with the users to promote awareness regarding such scams.


Quote
Blocking the sender's email is not actually the real solution to this; it will only restrict the sender from sending you mail from that mail box, but other mails can still be created. Aside from that, you never know where they got your email from, so the best solution is either to ignore the mail completely or to create a new email, which is what I have done since the mail is not even associated with any of my important stuff online.

Well, you have taken the right step by creating a new e-mail account for yourself. However, there are some users who basically register with their single e-mail account on many websites and in that case the better option is to just block those senders and even if they try sending you the mail from multiple accounts, it's better to block all of those accounts. I personally use my main e-mail to register on many sites and I have seen such e-mails many times, I blocked most of the senders who sent such e-mails and now there aren't any such mails coming on my e-mail account. I would also say that if someone can create a new account then that's the best solution to get rid of such fraudsters, but if it's not possible for a person to change the e-mail account then the best option is to block the sender or senders if they are using more than one account for sending such mails.
hero member
Activity: 700
Merit: 673
June 10, 2023, 06:21:22 AM
#11

That message is not from Metamask and in fact Metamask doesn't send its users any emails for their accounts. When someone creates a Metamask account the user only have to create a secure password and then they will get 12 seed words secret key that they have to hide from others.

In the whole process there isn't any involvement of e-mail and the fearful thing is that the impostors are trying to show that they are Metamask team and they're trying to create fear in the minds of users so a user may click the provided link and enter his/her details in order to secure their wallet account.


If you read the OP correctly, you will understand that it's an already-known fact. I never said Metamask requires email to create a wallet; in fact, there are never any personal details needed for you to have a Metamask wallet. It's just a question directed at the scammer's way of thinking: do they actually think anyone who is familiar with how the system works will fall victim to such an easily identifiable scam?


Quote
That's a phishing a attack and in this case someone with malicious intent has got your e-mail address and is now trying to get it compromised with the help of social engineering attacks. The best way to avoid such e-mails is to block the sender and do nothing else to be on the safe side. I recommend you to never click such link because they might have access to some vulnerabilities of your Operating system or other applications that when altered could grant them permissions manipulate your device with code execution

Blocking the sender's email is not actually the real solution to this; it will only restrict the sender from sending you mail from that mail box, but other mails can still be created. Aside from that, you never know where they got your email from, so the best solution is either to ignore the mail completely or to create a new email, which is what I have done since the mail is not even associated with any of my important stuff online.
hero member
Activity: 784
Merit: 672
Top Crypto Casino
June 10, 2023, 05:59:40 AM
#10
I just got a message from some scammer claiming to be Metamask with the statement that my Metamask wallet needs an upgrade.
Some questions just bomb into my head.

How ?? 
How can Metamask need an upgrade that requires them to send me a message?
How does Metamask even get in touch with my email?
Or do the scammers think users need to create an account with Metamask before they can use it? Or maybe Metamask looks like a centralized exchange for them, or they don't actually know how the blockchain system works. I overlooked the message the first time, and I still got it on my second email.


That message is not from Metamask and in fact Metamask doesn't send its users any emails for their accounts. When someone creates a Metamask account the user only have to create a secure password and then they will get 12 seed words secret key that they have to hide from others.

In the whole process there isn't any involvement of e-mail and the fearful thing is that the impostors are trying to show that they are Metamask team and they're trying to create fear in the minds of users so a user may click the provided link and enter his/her details in order to secure their wallet account.

That's a phishing a attack and in this case someone with malicious intent has got your e-mail address and is now trying to get it compromised with the help of social engineering attacks. The best way to avoid such e-mails is to block the sender and do nothing else to be on the safe side. I recommend you to never click such link because they might have access to some vulnerabilities of your Operating system or other applications that when altered could grant them permissions manipulate your device with code execution.

sr. member
Activity: 756
Merit: 390
June 10, 2023, 03:24:34 AM
#9
Phising is the most common way to scam anyone. If you are getting such email then block them as after opening this mail you will get bombarded with more. There is technique by which a scammers gets a message whenever someone opens the mail. You might also receive. I have been recieving such mails for sometime now. What I generally do is block them and next time the scammer sends me any mail it automatically goes to my spam box.  

As you have recieved such an email visit thsi website Have I been pwned to find out whether you email address has been breached.  
legendary
Activity: 2702
Merit: 4002
June 10, 2023, 02:01:36 AM
#8
As far as I know, you don't need to provide your email address or any other personal information to create a wallet with metamask.
metamask collects some data about you, for example, but not limited to your IP addresses and all your wallet addresses. I would like to quote their data from their site, but I cannot access the page (I do not know if they have restrictions on Tor, or if the problem is from my browser)

Although I do not trust this source -----> https://w3academy.io/metamask-collecting-your-data-what-you-need-to-know/, I quoted from it.

Quote
If you use MetaMask without changing any settings, it defaults to using the Infura gateway to connect to the Ethereum blockchain, meaning they can collect your IP and wallet address, and other personal information.

So, like Google, Infura can begin creating user p

someone may be able to purchase your data from several sources, and then he will have information such as your addresses, your IP addresses, and your personal details such as your email address. All he will need is to prepare a message for you, for example, $ 500 has been withdrawn from your wallet with XXX address, and you need to update your wallet With an email that is very similar to the official email.
hero member
Activity: 868
Merit: 737
June 09, 2023, 10:28:38 PM
#7
~
I always received emails like this every time on my email. You have to set your email to throw an email like this on junk. I did it, when I look at junk, about a hundred emails like this (because a long time ago, I used my email for anything registered). But sometimes, if strong, an email is received also in my email inbox. Again, when they ask for a seed and private key, that was pretty sure is a scam, it's the same if a swindler (fake bank support) calls you asking CC number and CVV to deceive the OTP code on a short message.

So just be careful, scammers are lurking victims everywhere, the scammer needs money without working.
hero member
Activity: 406
Merit: 443
June 09, 2023, 07:59:28 PM
#6
I just got a message from some scammer claiming to be Metamask with the statement that my Metamask wallet needs an upgrade.
Some questions just bomb into my head.

How ??
How can Metamask need an upgrade that requires them to send me a message?

They are not MetaMask but scammers who make it and all they need is your email address and make sure that you have posted your Ethereum address publicly, then the possibility that you have used MetaMask is high, they can collect this information via a social attack while sending this e-mail does not cost them effort or time.

I moved the mail to my Apple device, which I don't use for anything relating to financial transactions. I clicked on the link provided by the scammers for the upgrade process.

This is a big mistake. If you think that is a scam link, clicking on it will not change anything. They can now open your camera, take pictures of you or collect more data such as cookies, including knowing more information about you to use in next social attack.
If you are suspicious of a link, stop with the mouse on it, and the link extension will appear to you, and if that extension is hidden or a redirect link, do not click on it.


But what I saw was an open form for me to use my hand and type in my 12-word phrase, which is handing my wallet access over to the scammer or using the private key option.
If you enter any random words they accept.
legendary
Activity: 2758
Merit: 1228
June 09, 2023, 06:26:54 PM
#5
I just got a message from some scammer claiming to be Metamask with the statement that my Metamask wallet needs an upgrade.
Some questions just bomb into my head.

How ??
How can Metamask need an upgrade that requires them to send me a message?
How does Metamask even get in touch with my email?
Or do the scammers think users need to create an account with Metamask before they can use it? Or maybe Metamask looks like a centralized exchange for them, or they don't actually know how the blockchain system works. I overlooked the message the first time, and I still got it on my second email.

I moved the mail to my Apple device, which I don't use for anything relating to financial transactions. I clicked on the link provided by the scammers for the upgrade process.
I was even expecting some kind of random cloned Metamask auto-download stuff or anything of that nature, or maybe they can just show me a blank window explaining why they are accessing my entire device. But what I saw was an open form for me to use my hand and type in my 12-word phrase, which is handing my wallet access over to the scammer or using the private key option.
Scammer site
Code:
https://new-matamask.com/myimport/

The website you provided seems to be down already. I'm wondering who in their right mind would fall for such a scam. It's so obvious that it's a fake phishing email; why would Metamask ever contact you? How would your account be disabled? It's not a PayPal or eBay account to be disabled. I'm hoping no one falls for this.

To answer the previous poster, email addresses are possibly leaked through database leaks and used to distribute such emails in an attempt to lure potential victims. It's likely that the list of scammers used to be associated with a cryptocurrency-related website in order to have some kind of correlation and have higher chances of luring potential victims.

Still there are newbies will fall with that schemes since mostly they are the one easy to be catch by them since those people who don't inow about the schemes or attempt might believe that the email they receive is true. So since we know that this phising attempt exist they should do their own diligence to verify because if we track back on the first day we create our wallet on metamask the platform didn't require us to provide email address. So if we receive the same like email we can tag it as scam or it create harm so that we can easily delete it before it create damage to us.
legendary
Activity: 3416
Merit: 1225
June 09, 2023, 03:51:53 PM
#4
If you received an email like that where there is no email involved in creating an account or wallet then your email is compromised and part of scammers' database and you have to weed out your emails to see what emails are coming out to unknown sources, so you can report it as spam and all emails like this will not go to your main folders.

When it comes to receiving phishing emails common sense is always the key to knowing the basics of securing your funds, so all emails that asked for private keys should go to spam folders for deletion.

When you received spam like that expect many more to come this is why it's important to only use your email to a trusted source and if you're participating in airdrops use a different specifically for that.
hero member
Activity: 1680
Merit: 845
June 09, 2023, 03:30:18 PM
#3
I just got a message from some scammer claiming to be Metamask with the statement that my Metamask wallet needs an upgrade.
Some questions just bomb into my head.

How ??
How can Metamask need an upgrade that requires them to send me a message?
How does Metamask even get in touch with my email?
Or do the scammers think users need to create an account with Metamask before they can use it? Or maybe Metamask looks like a centralized exchange for them, or they don't actually know how the blockchain system works. I overlooked the message the first time, and I still got it on my second email.

I moved the mail to my Apple device, which I don't use for anything relating to financial transactions. I clicked on the link provided by the scammers for the upgrade process.
I was even expecting some kind of random cloned Metamask auto-download stuff or anything of that nature, or maybe they can just show me a blank window explaining why they are accessing my entire device. But what I saw was an open form for me to use my hand and type in my 12-word phrase, which is handing my wallet access over to the scammer or using the private key option.
Scammer site
Code:
https://new-matamask.com/myimport/

The website you provided seems to be down already. I'm wondering who in their right mind would fall for such a scam. It's so obvious that it's a fake phishing email; why would Metamask ever contact you? How would your account be disabled? It's not a PayPal or eBay account to be disabled. I'm hoping no one falls for this.

To answer the previous poster, email addresses are possibly leaked through database leaks and used to distribute such emails in an attempt to lure potential victims. It's likely that the list of scammers used to be associated with a cryptocurrency-related website in order to have some kind of correlation and have higher chances of luring potential victims.
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
June 09, 2023, 03:21:47 PM
#2
As far as I know, you don't need to provide your email address or any other personal information to create a wallet with metamask. Therefore, this is without any doubt a phishing email. The real question is: where dud those scammers got your email address from? You said you received the same message on two different addresses, so you need to check what you have done wrong!
Anyway, thank you for the warning.
hero member
Activity: 700
Merit: 673
June 09, 2023, 02:01:05 PM
#1
I just got a message from some scammer claiming to be Metamask with the statement that my Metamask wallet needs an upgrade.
Some questions just bomb into my head.

How ?? 
How can Metamask need an upgrade that requires them to send me a message?
How does Metamask even get in touch with my email?
Or do the scammers think users need to create an account with Metamask before they can use it? Or maybe Metamask looks like a centralized exchange for them, or they don't actually know how the blockchain system works. I overlooked the message the first time, and I still got it on my second email.

I moved the mail to my Apple device, which I don't use for anything relating to financial transactions. I clicked on the link provided by the scammers for the upgrade process.
I was even expecting some kind of random cloned Metamask auto-download stuff or anything of that nature, or maybe they can just show me a blank window explaining why they are accessing my entire device. But what I saw was an open form for me to use my hand and type in my 12-word phrase, which is handing my wallet access over to the scammer or using the private key option.
Scammer site
Code:
https://new-matamask.com/myimport/
 
Jump to: