Phishing campaign targets users of MetaMask software cryptocurrency wallet – SiliconANGLE News

Phishing campaign targets users of MetaMask software cryptocurrency wallet – SiliconANGLE News

Blockchain Crypto Market Technology
June 23, 2022 by Coinvasity
13
UPDATED 08:00 EDT / JUNE 23 2022 by Duncan Riley A phishing campaign targeting users of the MetaMask software cryptocurrency wallet is attempting to steal account credentials.Detailed today by researchers at Armorblox Inc., the phishing emails target Microsoft Office 365 customers, particularly in organizations across the financial industry. The emails used in the campaign look
wp-header-logo-309.png

UPDATED 08:00 EDT / JUNE 23 2022
by Duncan Riley
A phishing campaign targeting users of the MetaMask software cryptocurrency wallet is attempting to steal account credentials.
Detailed today by researchers at Armorblox Inc., the phishing emails target Microsoft Office 365 customers, particularly in organizations across the financial industry. The emails used in the campaign look like a MetaMask verification email.
The socially engineered emails were titled ‘Re: [Request Updated] Ticket: 6093-57089-857’ and looked to be sent from a MetaMask support email: support@metamask.as. The email body spoofed a Know Your Customer verification request and claimed that not complying with KYC regulations would result in restricted access to the MetaMask wallet.
The email prompted victims to click the ‘Verify your Wallet’ button to complete the wallet verification. Those behind the campaign utilized urgency in the email to trick the victims into complying with the request.
Upon clicking on the link in the email, users are taken to a fake landing page that closely resembles the legitimate MetaMask verification page. The victims are asked to enter their passphrase to comply with KYC regulations and to continue using MeteMask.
The fake “look-alike” page utilizes MetMask’s branding, logo and referenced passphrase credentials, all of which are associated with the actual site. The language on the fake landing page also reminded victims to ensure their passphrase is always protected and to ensure that nobody is watching. The researchers note that “it’s language like this that can evoke trust, one of the primary goals of the attacks.”
Suffice to say, if the victims entered their details, their MetaMask accounts were then compromised.
The researchers recommend augmenting native email security with additional controls as the MetaMask phishing emails got past native email security. Organizations should augment built-in email security with layers that take a different approach to threat detection.
Emails users should also engage with emails rationally and methodically whenever possible. Subject the email to an eye test, including sender name, email address and language in the email, and look for any logical inconsistencies.
The researchers also recommend using multifactor authentication and password management best practices. This includes not using the same passport on multiple sites and accounts and using a password manager to store account passwords.
Click here to join the free and open Startup Showcase event.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.
Click here to join the free and open Startup Showcase event.
Phishing campaign targets users of MetaMask software cryptocurrency wallet
Twitter now testing long-form content with a new feature: Twitter Notes
Qualcomm announces unified ‘full stack’ approach to AI software
Amazon reveals how it’s using AI to transform the retail experience
Gtmhub acquires business reliability platform startup Cliff.ai
eBay acquires NFT marketplace startup KnownOrigin
Phishing campaign targets users of MetaMask software cryptocurrency wallet
SECURITY – BY DUNCAN RILEY . 1 MIN AGO
Twitter now testing long-form content with a new feature: Twitter Notes
APPS – BY JAMES FARRELL . 10 HOURS AGO
Qualcomm announces unified ‘full stack’ approach to AI software
AI – BY MIKE WHEATLEY . 11 HOURS AGO
Amazon reveals how it’s using AI to transform the retail experience
AI – BY MIKE WHEATLEY . 11 HOURS AGO
Gtmhub acquires business reliability platform startup Cliff.ai
CLOUD – BY DUNCAN RILEY . 11 HOURS AGO
eBay acquires NFT marketplace startup KnownOrigin
BLOCKCHAIN – BY DUNCAN RILEY . 12 HOURS AGO
Forgot Password?
Like Free Content? Subscribe to follow.

source

Add a comment