CipherTrace, a blockchain and cryptocurrency analytics firm that combats crypto-crime, has released a report about a phishing scheme targeting MetaMask browser wallets on Chrome that has been active online in recent days.
“Over the past 24 hours, CipherTrace has observed an increase in alerts and reports within the online cryptocurrency community regarding the theft of user funds via a Chrome browser extension phishing attack impersonating a cryptocurrency wallet and the MetaMask browser extension. The malicious browser extension sends data to maskmeha[.]io, which then redirects it to https[ :]/installmetamask[.]com,” the company stated in its December 2 announcement.
Scammers appear to be using Google ads to lure victims, so any inattentive crypto investor could have clicked a sponsored link without noticing the risk. Always exercise caution with sponsored links when searching online. MetaMask advises users to rely on direct links whenever possible.
What Is Phishing?
As explained in our article “Ledger Wallet: Hack in June, Phishing in October”: “Phishing involves sending a message that urges a recipient to log in or share personal information through a specific link by invoking an emergency, a threat, or a refund. The aim is to steal those credentials or data.”
In this case, attackers aim to capture information related to investors’ cryptocurrency management. If an investor were to share their recovery phrase, scammers could easily access the cryptocurrencies stored in that person’s MetaMask wallet.
The fake MetaMask websites used in recent days to steal user credentials are very convincing. Stay vigilant and never share your private information or recovery phrases with anyone.