September 6, 2023

MetaMask Scammers Target Government URLs from Egypt, Nigeria To Target Crypto Investors

MetaMask scammers

MetaMask scammers

Scammers target MetaMask users in crypto scams by using URLs of government-owned websites to gain access to the victims’ crypto wallet holdings.

MetaMask, an Ethereum-based crypto wallet, has been a frequent target of scammers. They trick unsuspecting users into visiting fake websites that ask for access to their MetaMask wallets.

Cointelegraph’s investigation has revealed that several government-owned websites, including those from India, Nigeria, Egypt, Colombia, Brazil, Vietnam, and other jurisdictions, have been used in this scam. These websites have been redirecting users to fake MetaMask websites, as seen in the evidence.

MetaMask was alerted about ongoing scams by Cointelegraph, and they quickly acknowledged the issue. The security team at MetaMask stated that the Web3 ecosystem’s significant growth potential makes it an attractive target for scammers and thieves.

If a user clicks on any fraudulent links within government website URLs, they will be redirected to a fake URL instead of the legitimate MetaMask.io. Microsoft Defender, the built-in security system, will alert users about the potential phishing attempt.

If users ignore the warning, they are greeted by a website resembling the official MetaMask website. The fake websites will eventually ask the users to link their MetaMask wallets to access various services on the platform.

MetaMask security team stated: “We are building in some heuristics (metadata, indicators, TTPs, etc.) from this current campaign into our detection engines to hopefully detect any more of these attacks as soon as they launch and take steps to take them down before they reach users — or at the very least minimize the exposure.”

With increasing incidents of attacks on cryptocurrency investors, MetaMask is urging potential victims to report any possible scams.

If a user’s seed phrase is compromised, MetaMask recommends that they cease using the seed recovery phrase and instead create a new one from an uncompromised device. Additionally, readers should know that MetaMask does not gather Know Your Customer information from its users.

Author profile

Whether you want to learn about NFT, Blockchain, Web3.0, Metaverse, or any other emerging technologies, we have the vital resources that will enlighten and help you make an informed decision.