Moral of the story: always be sure to double-check what website you're visiting before entering in any information. Same goes when you plan to connect to a website with Metamask...
You are right. They may hack Metamask too. We should more conscious while we give authorization.
Funny the OP has put Tedchain as a example because they have been exposed as scam months ago but this people will simply not stop.
I have two email by name of two token/ico/company. It is not a fact what is the name of the token. The email sender may use the name of any ico. We do not need to give concentration what is the name of the company but we have to give concentration about the way of hacking and way of preventing. Both of my emails show same way of hacking that means it is sending by same people or same group of people. Hopefully think you have understood what I wanted to say.
I recommend 2fa authenticator
Probably you have missed something. You cant prevent it by 2FA.
And I just saw another method they now use, sending malware PDF to telegram group with titles of whitepaper or other title relating to project to deceive group members to open file.
You are right. I have noticed that too. Actually scammer trying to find out new way day by day.