MetaMask Raises a Phishing Warning Following Unauthorized Emails via Namecheap

15 views 5:44 am 0 Comments June 30, 2023

Namecheap, a web hosting company, identified the unauthorized use of one of its third-party services to send emails, particularly targeting MetaMask users.

MetaMask, a leading cryptocurrency wallet provider, has cautioned users about ongoing phishing scams where fraudsters are using Namecheap’s third-party email service to reach users.

On the evening of February 12, Namecheap discovered that one of its third-party services had been misused to send unauthorized emails that were specifically aimed at MetaMask users. Namecheap termed the occurrence as an “email gateway issue.”

Through a preventative alert, MetaMask alerted its vast user base that it doesn’t gather Know Your Customer (KYC) data, and it would never use email to discuss account specifics.

The deceptive emails, sent by the scammer, include a link directing to a counterfeit MetaMask site asking for a secret recovery phrase under the guise of “securing your wallet.”

MetaMask advised its users to avoid sharing seed phrases, emphasizing that it gives the scammer total control over the users’ funds.

In the meantime, Namecheap clarified that its services were not compromised, and no customer information was exposed during the incident. In less than two hours after the initial alert, Namecheap confirmed the restoration of its mail delivery, ensuring that all communications would now be from the official source.

However, the primary concern of sending unsolicited emails remains under investigation. Users of both MetaMask and Namecheap are encouraged to double-check website links, email addresses, and points of contact when interacting with communications from both parties.

In response to Cointelegraph’s report on the matter, Namecheap confirmed their successful halting of the fraudulent emails and contacted their upstream provider to handle the issue from their side.

Earlier in January, a hacker exploited Google Ad services to swipe nonfungible tokens (NFTs) and cryptocurrencies from investors.

Notably, NFT influencer NFT God suffered a significant loss after inadvertently downloading malware embedded in a Google ad.

The mishap occurred when the influencer used Google’s search engine to download OBS, an open-source video streaming software. Instead of clicking on the official link, the influencer clicked a sponsored ad link, resulting in a substantial loss of funds.