Blockchain security firm Halborn has warned users of the latest phishing emails doing the rounds.
A cybersecurity firm has issued warnings over a new phishing campaign targeting users of the popular crypto wallet MetaMask.
In
a July 28 post written by Halborn's technical education specialist Luis
Lubeck, the active phishing campaign used emails to target MetaMask
users and trick them into giving out their passphrase.
The firm analyzed
scam emails it received in late July to warn users of the new scam.
Halborn noted that at initial glance, the email looks authentic with a
MetaMask header and logo, and with messages that tell users to comply
with KYC regulations and how to verify their wallets.
However,
Halborn also noted there are several red flags within the message.
Spelling errors and a fake sender’s email address were two of the most
obvious. Furthermore, a fake domain called metamaks.auction was used to
send the phishing emails.
Phishing
is a social engineering attack using targeted emails to lure victims
into revealing more personal data or clicking links to malicious
websites that attempt to steal crypto.
There was also no
personalization in the message, the firm noted, which is another warning
sign. Hovering over the call to action button reveals the malicious
link to a fake website which prompts users to enter their seed phrases
before redirecting to MetaMask to empty their crypto wallets.
Halborn,
which raised $90 million in a Series A round in July, was founded in
2019 by ethical hackers offering blockchain and cyber security services.
In
June, Halborn researchers discovered a case where a user’s private keys
could be found unencrypted on a disk in a compromised computer.
MetaMask patched its extension versions 10.11.3 and later following the discovery.
However, there was no mention of the new email phishi threat on MetaMask’s Twitter feed at the time of writing.
Related: Phishing risks escalate as Celsius confirms client emails leaked
Last
week, Celsius users were warned of a phishing threat following the leak
of customer emails by a third-party vendor employee.
In late July, security researchers warned
of a new malware strain called Luca Stealer appearing in the wild. The
information stealer has been written in the Rust programming language
and targets Web3 infrastructure such as crypto wallets. Similar Malware
called Mars Stealer was discovered targeting MetaMask wallets in February.
source link : https://cointelegraph.com/news/blockchain-security-firm-warns-of-new-metamask-phishing-campaign
