MetaMask, a renowned crypto wallet provider, has issued a warning to investors about ongoing phishing attempts by scammers targeting users through NameCheap’s email system. The phishing campaign originated after NameCheap suffered a breach to their email account. The attackers utilized the “SendGrid” email platform, which is used by NameCheap to send emails such as renewal notices and marketing emails, to send unauthorized emails to MetaMask users.
⚠️MetaMask does not collect KYC info and will never email you about your account!— MetaMask 🦊 (@MetaMask) February 13, 2023
Do not enter your Secret Recovery Phrase on a website EVER.
If you got an email today from MetaMask or Namecheap or anyone else like this, ignore it & do not click its links!https://t.co/EP0HGZFOfo pic.twitter.com/4CDtne24OK
The phishing emails contained a link to a fake MetaMask website that asked for users’ “Secret Recovery Phrase” or “Private key.” By entering this information, the hackers were able to import the wallet to their own devices and steal all funds and assets stored in it.
NameCheap CEO Richard Kirkendall confirmed the exploit and mentioned that the company had disabled emails through SendGrid while they investigated the issue. However, within two hours, the mail delivery was restored.
This is not the first time MetaMask has issued a warning about phishing scams. Recently, the digital wallet provider warned about a new crypto wallet address scam called “Address Poisoning,” where hackers take advantage of user carelessness to drain crypto tokens from the victim’s wallet address.
To protect yourself from these evolving scams, it is important to always exercise caution and not provide personal information or private keys to anyone or any website that you are not confident is legitimate.
Keep your eye on CoinTopper.com for more news!