Digital asset holders are facing a new threat as a phishing scam targeting MetaMask users has emerged, utilizing fake two-factor authentication (2FA) emails. These fraudulent messages are designed to create a sense of urgency, compelling recipients to update their security settings immediately.
The scam is executed by sending emails that closely mimic official communications from the MetaMask support team. These messages typically include the recognizable Fox logo and professional branding, misleading users into believing that immediate action is required to avoid restricted wallet access.
Cybersecurity experts have identified that these phishing attempts exploit fear, directing users to click on links that lead to “typosquatted” domains. These are websites that appear legitimate but contain minor spelling errors. Victims are then confronted with countdown timers and prompts to enter their wallet recovery phrases, which ultimately allows attackers to drain their funds rapidly.
Security researcher 23pds from the firm SlowMist was among the first to raise the alarm about this campaign. He emphasized the need for users to scrutinize the sender”s email address, as scammers often disguise themselves using generic names like “MetaMask Support,” while the actual email address is a random string of letters.
To safeguard against these types of scams, users should remember that MetaMask operates as a self-custodial service. This means that the company does not store users” information unless a support ticket is initiated. They will never contact users unsolicited, and any email claiming that a wallet has been “locked” or “suspended” is likely fraudulent.
The security team at ConsenSys, the company behind MetaMask, has issued guidelines reinforcing that they will never request a recovery phrase under any circumstances. Users should be particularly cautious of any website asking for their seed phrase to “enable 2FA.”
Identifying phishing attempts requires vigilance. Users should look for grammatical mistakes or poor formatting in emails, as these are common indicators of scams. It is also advisable to verify the “From” field by checking the sender”s complete email address. Authentic communications typically come from domains like @metamask.io or @metamask.zendesk.com.
Another significant warning sign is any urgency presented in the emails. Legitimate updates related to blockchain software are communicated through the MetaMask browser extension or mobile app, complete with in-app notifications. If there is ever any uncertainty, users should navigate directly to the official website by typing the URL into their browser.
