MetaMask issues scam alert as NameCheap hacker sends unauthorized emails

[_act_]

Newbies that do not know about phishing attack should learn about it and avoid it. Avoid the phishing emails that scammers are sending in order to scam you.

Read this in details:

https://www.bitcoininsider.org/article/204770/metamask-issues-scam-alert-namecheap-hacker-sends-unauthorized-emails

Web hosting company NameCheap detected the misuse of one of its third-party services for sending some unauthorized emails — which directly targeted MetaMask users.

Popular crypto wallet provider MetaMask warned investors against ongoing phishing attempts by scammers attempting to contact users through NameCheap’s third-party upstream system for emails.

On the evening of Feb. 12, web hosting company NameCheap detected the misuse of one of its third-party services for sending some unauthorized emails — which directly targeted MetaMask users. Namecheap described the incident as an "email gateway issue."

https://twitter.com/MetaMask/status/1625006237023866880

⚠️MetaMask does not collect KYC info and will never email you about your account!
Do not enter your Secret Recovery Phrase on a website EVER.
If you got an email today from MetaMask or Namecheap or anyone else like this, ignore it & do not click its links!
https://bleepingcomputer.com/news/security/namecheaps-email-hacked-to-send-metamask-dhl-phishing-emails/

Know that your seed phrase should remain to yourself, do not write it down on any website. Malware links can be on emails too. Ignore any email sent to you regarding your noncustodial wallet. This attack targets Metamask wallet user, but it can be another wallet next time.

[1715271361]

1715271361

[1715271361]

1715271361

[tranthidung]

If newbies learn basics to differentiate custodial and non custodial wallets, they will have less chance to be scammed.

Because it does not make sense if a non custodial wallet asks KYC from users. With such wallets, users already have wallet keys and can move their coins any time. KYC does not make sense in this case.

So if a user received an email to request KYC for a non custodial wallet, that email is like phishing. Chance to see a good non custodial wallet company to change their products to custodial wallet is nearly zero, so impossible to see KYC request.

Don't arbitrarily and carelessly click on any rule. Make sure they double check with announcement on website, Twitter, etc.

[Coyster]

Users have always being taught not to click on links anyhow, and if you receive unsolicited messages, either through email or any other means, it is best to avoid it. Once an attacker has access to your seed phrase, your funds are gone, thus they would do everything possible to ensure you type your seed phrase unknowingly in clone sites. I think many people do not know how important their seed phrase is, that is why they easily fall victim to scam, one should only enter their seed phrase if they want to import their funds, that is after they must have double/triple checked that they are in the right place, only after downloading through the official website.

Having said that, it is also good to have multiple email addresses, using throw away addresses for untrusted websites, whilst having special addresses for trusted websites, so you know what to expect/how to react when you see a message in a particular address.

[Saisher]

They've already addressed this issue and they are investigating this matter for more updates regarding this phishing email check this link

[IN PROGRESS] EMAIL GATEWAY ISSUE

This is one example of why we should not trust all the emails we received when it comes to linking our wallet or sending vital information without verifying, we should remember the basic and cardinal rule, the trusted platform will never ask for private keys.

[348Judah]

I believe it's not only metamask that is found in sending links related to this, we have other exchange and unsolicited wallets updates in this regards we are to be careful because some of this links will just pop in on our screen and ones we click on them we begin to loose resistance against an attack, am so much concerned about why has it always been from metamask we do frequently experience matters like this more frequent.

[Outhue]

Scammers use more than just Metamask to fool their victims and imagine if the receiver also uses Metamask, this can easily confuse them thinking it's really from Metamask, they also use coinbase wallet, token pocket, Trust wallet, and others, so if you are a newbie reading this right now, noncustodial wallets will never send you emails into your gmail account or yahoo account, be careful and treat all crypto wallet emails as a scam, do not bother to open and read.

[Ojima-ojo]

I guess not only metamask bit all over the internet and we need to be careful about the kind of links we click on because hackers are out to steal your information.

And we we stay totally off and learn to become our own security,  it becomes easy to survive and avoid scams.

I am happy investors are getting more informed about the safety of their assets and how not to store large balances in third-party wallets (exchange)

[Desmong]

Scammers are everywhere looking for ways to scam people of there hard earned money. Many of those unauthorized mails might contain malwares that could affect those who are not aware of the effects on clicking on malware mails. It is very good for the MetaMask team to quickly noticed the ambition of the scammers informing the general public.

[wxa7115]

I guess not only metamask bit all over the internet and we need to be careful about the kind of links we click on because hackers are out to steal your information.

And we we stay totally off and learn to become our own security,  it becomes easy to survive and avoid scams.

I am happy investors are getting more informed about the safety of their assets and how not to store large balances in third-party wallets (exchange)

If we are honest and make a fair assessment of the habits people have online it is easy to conclude people are simply too careless, they click on every link they receive and share their data with anyone that asks.

This is a problem not only on this market, banks and many other institutions have to confront the same problems, so people really need to wake up and not share this information so readily, as we know that on this market not only we have the freedoms of a bank but the same responsibilities as well and no one will be able to recover our coins in the case we lose them.

[Apocollapse]

Because it does not make sense if a non custodial wallet asks KYC from users. With such wallets, users already have wallet keys and can move their coins any time. KYC does not make sense in this case.

It's not entirely correct, blockchain.com is also non custodial wallet but they're asking for KYC in order to get $5 bonus [1] the best way is just avoid any message including the official website (there's a chance the official website got hacked) because non custodial wallet has no such lifespan, even you're using the first version of the wallet, you can still able to send and receive any coins.

[1] https://bitcointalk.org/index.php?topic=5392859.0