MetaMask Users Targeted by Crypto Scams via Government Websites

MetaMask Users Targeted by Crypto Scams via Government Websites

Crypto scams targeting MetaMask users employ government-owned website URLs to defraud victims and gain access to their cryptocurrency wallet holdings, according to a report by Cointelegraph.

The Ethereum-based crypto wallet MetaMask has long been a target for scammers, who redirect naive users to bogus websites that request access to MetaMask wallets. Cointelegraph’s investigation revealed that multiple government-owned websites were being utilised to carry out this exact scam.

Official government websites from India, Nigeria, Egypt, Colombia, Brazil, Vietnam, and other countries have been discovered to redirect to fraudulent MetaMask websites.

Cointelegraph notified MetaMask of the ongoing scams and received a fast response. Web3’s huge development potential, according to the MetaMask security team, makes the ecosystem appealing to scammers and thieves.

When a user hits on any of the rogue links embedded in the URLs of government websites, they are sent to a phoney URL rather than the actual URL “MetaMask.io.” When accessed, Microsoft’s built-in protection, Microsoft Defender, alerts users to a potential phishing attempt.

If users disregard the warning, they are met with a webpage that looks similar to the legitimate MetaMask website. To access various services on the platform, the bogus websites will eventually require users to link their MetaMask wallets.

In response to Cointelegraph’s discovery of phishing websites, the MetaMask security team stated:

“We’re incorporating some heuristics (metadata, indicators, TTPs, and so on) from this current campaign into our detection engines in the hopes of detecting any more of these attacks as soon as they launch and taking steps to stop them before they reach users β€” or, at the very least, minimizing the exposure.”

In the midst of increasing attacks on cryptocurrency investors, MetaMask invites potential victims to report suspicious scams.

In the event of a seed phrase compromise, MetaMask recommends that users stop utilising the seed recovery phrase and construct a new one from a non-compromised device. Readers should also be aware that MetaMask does not gather Know Your Customer data from its users.

Keywords: Ethereum, crypto scam, metamask

How Ethereum’s merge made crypto mining more sustainable

 

1 thought on “MetaMask Users Targeted by Crypto Scams via Government Websites”

Leave a Comment