Hackers target MetaMask users under the pretext of KYC compliance: Armorblox
As crypto exchanges and wallets make KYC mandatory for users, scammers are targeting crypto traders under the pretext of making their wallets KYC compliant, new research from Armorblox reveals. MetaMask is one of the most widely used crypto wallets; it allows users to store digital assets, interact with the blockchain and host dApps.
According to Armorblox researchers, hackers get past Microsoft Office 365 and craft email attacks targeting multiple organizations across the financial industry. The email sent to users looks like a legitimate email from the MetaMask wallet asking them to verify their account. However, when victims click the link, they are taken to a spoofed MetaMask verification page.
The socially engineered email was titled ‘Re: [Request Updated] Ticket: 6093-57089-857’ and appeared to be sent from a MetaMask support email address: support@metamask.as. “The email body spoofed a Know Your Customer (KYC) verification request and claimed that not complying with KYC regulations would result in restricted access to MetaMask wallet,” the researchers said in a blog post.
Upon clicking the “Verify your Wallet” button in the email, the victim was redirected to a fake landing page, one that closely resembled a legitimate MetaMask verification page. The victim was then prompted to enter his or her Passphrase in order to comply with KYC regulations and continue using the MetaMask service.
Staying Safe
“For better protection and coverage against email attacks (whether they’re spear phishing, business email compromise, or credential phishing attacks like this one), organizations should augment built-in email security with layers that take a materially different approach to threat detection,” researchers at Armorblox said. Subject the email to an eye test that includes inspecting the sender name, the sender email address, the language within the email, and any logical inconsistencies within the email.
“If you haven’t already, implement these hygiene best practices to minimize the impact of credentials being exfiltrated: Deploy multi-factor authentication (MFA) on all possible business and personal accounts. Don’t use the same password on multiple sites/accounts,” the researchers added.
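The sender and subject parts of the "eye test" described above can also be automated at a mail gateway or in a triage script. The following is an added example, not code from Armorblox or MetaMask: the allowlist (metamask.io as the only trusted sending domain), the function name, the finding labels and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains each brand legitimately sends mail from.
BRAND_DOMAINS = {"metamask": {"metamask.io"}}

def sender_findings(raw_message):
    """Return a list of findings for the From and Subject headers."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    findings = []

    for brand, allowed in BRAND_DOMAINS.items():
        # Trusted means the exact domain or a subdomain of an allowed one.
        if any(domain == d or domain.endswith("." + d) for d in allowed):
            continue
        if brand in domain:
            # Brand string in an untrusted domain, e.g. a different TLD.
            findings.append(f"lookalike-domain:{domain}")
        elif brand in display_name.lower():
            # Brand only in the display name, unrelated sending domain.
            findings.append(f"display-name-spoof:{brand}")

    # A "Re:" subject with no threading headers claims to answer a
    # conversation the recipient never started.
    subject = msg.get("Subject", "").strip().lower()
    if subject.startswith("re:") and not (
        msg.get("In-Reply-To") or msg.get("References")
    ):
        findings.append("reply-subject-without-thread")
    return findings

# Constructed sample: subject and address as reported in the article,
# display name and body invented for the example.
SAMPLE = """\
From: MetaMask Support <support@metamask.as>
To: user@example.com
Subject: Re: [Request Updated] Ticket: 6093-57089-857

Verify your Wallet to comply with KYC regulations.
"""

if __name__ == "__main__":
    for finding in sender_findings(SAMPLE):
        print(finding)
```

Header checks like these only cover the sender name, address and subject; the language and logic of the message body still need a human or a separate content layer.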