Halborn, a cybersecurity firm, has warned of a new phishing campaign. The campaign targets MetaMask wallet users. MetaMask is among the most popular crypto wallets, and over the years it has been targeted by such campaigns.
Halborn warns against MetaMask phishing campaign
An article published on July 28 by specialist in technical education at Halborn, Luis Lubeck, said that the phishing campaign used emails to target MetaMask users and trick them into sharing their passphrase.
Halborn analyzed the fake emails he received towards the end of July. He noted that these emails were crafted to look genuine, with the message urging users to complete KYC verification and ensure their wallets are verified.
However, there were several red flags in the email. There were several spelling mistakes and the sender’s email address was definitely wrong. Additionally, the phishing emails were sent through a fake domain called metamask.auction.
Phishing campaigns are social engineering attacks that use targeted emails to trick victims into exposing more personal data. The emails contain links which, when followed, lead to malicious websites where hackers will steal cryptocurrencies.
The message also lacked personalization, another red flag that the email was fake. The call to action prompt contains the malicious link that leads to a fake website where users are asked to provide their seed phrase before being redirected to MetaMask, where attackers will steal their crypto wallets.
Halborn is a cybersecurity company created in 2019 by white hat hackers offering blockchain security services. The company completed a $90 million Series A funding round in July. This isn’t the company’s first blockchain exploit. In June, researchers at the company detected a case where private wallet keys could be decrypted in a compromised computer. MetaMask has not yet acknowledged the phishing campaign on its Twitter feed.
Crypto industry phishing campaigns
Phishing campaigns have become very popular in the cryptocurrency industry. Last week, users of the Celsius network were warned of a phishing campaign after an employee of a third-party vendor exposed customer emails.
Towards the end of last month, security researchers also warned of a new malware known as Luca Stealer. The malware strain was written through the Rust programming language and targets Web 3.0 infrastructure, including cryptocurrency wallets. Another malware known as Mars Stealer was also detected targeting MetaMask wallets early last year.
Battle Infinity – New Crypto Presale
- Presale until October 2022 – 16500 BNB Hard Cap
- First Fantasy Sports metaverse game
- Play to Earn Utility – IBAT Token
- Powered by Unreal Engine
- CoinSniper Verified, Strong Proof Verified
- Battleinfinity.io roadmap and whitepaper