Cryptocurrency wallet, MetaMask is warning users of a new phishing scam. Posing as an official ‘instant support’ site, the scam invites unsuspecting users to input their wallet seed phrases into a form on Google Docs.
The warning came on MetaMask’s official Twitter account: “PHISHING ALERT!: a new type of phishing bot is becoming active. Comes from an account that looks ‘normal’ (but few followers); Helpfully suggests filling out a support form on a major site like Google sheets (hard to block); Asks for your secret recovery phrase (sic).”
Looking Forward to Meeting You at iFX EXPO Dubai May 2021 – Making It Happen!
Indeed, none of MetaMask’s support tools are based in Google Docs. The wallet provider told users that the safest way to get help from the provider is to use the official link to MetaMask’s support system. The link can be found in the ‘Get Help’ option located inside the MetaMask app. Additionally, users can report phishing scams in the wallet app.
PHISHING ALERT!: a new type of phishing bot is becoming active.
Comes from an account that looks “normal” (but few followers)
Helpfully suggests filling out a support form on a major site like Google sheets (hard to block).
Asks for your secret recovery phrase. pic.twitter.com/EeHumnmzbE
— MetaMask (@MetaMask) May 3, 2021
CoinTelegraph reported that at least one user appears to have been successfully scammed by the fake support form. The user replied to MetaMask’s warning tweet about the scam with “so there is no way to get back our token right? (sic).”
Socially-Engineered Attacks Are More Popular in Crypto than Ever
With its browser extension integration, MetaMask has handily become one of the most popular utility cryptocurrency wallets on the market. ConsenSys, the wallet’s developing company, reported in late April that MetaMask had accrued more than 5 million active monthly users.
However, as the app’s popularity has grown, so too has the number of scams that attempt to imitate the wallet and steal users’ funds.
According to CoinTelegraph, one of these scams was a “rotten seed phrase” attack, in which hackers generate seed phrases that can be co-opted after users have funded their accounts.
Various kinds of phishing scams have become so effective and prolific that some of crypto’s biggest names have fallen victim to them. One scammer fooled Hugh Karp, Founder of Nexus Mutual, into transferring $8 million in Nexus Mutual tokens to a scam account.
In mid-2020, Finance Magnates reported that phishing scams were proliferating throughout the crypto space in the wake of COVID-19. One of the most famous examples of this occurred in July when a 17-year-old hacker was able to post from a number of high-profile Twitter accounts because an unsuspecting Twitter employee accidentally handed him the keys to the kingdom.