Crypto security firm CipherTrace has issued an alert. Phishing attacks are on the rise among MetaMask users. Here’s how to protect yourself.
Beware of phishing if you install MetaMask
As this CipherTrace report details , complaints about this phishing method , or phishing, using the name MetaMask, have skyrocketed in recent days. The victims installed an extension that masquerades as the MetaMask crypto wallet in Chrome.
Where the method is particularly effective is that it uses advertisements on Google . As MetaMask reported yesterday, a careless user might click without thinking on the first sponsored link that comes up:
“Google allowed a phisher to buy sponsored ads on their search results. If you are using crypto s , try not click on direct links , and if you use the search beware of sponsored links! ”
Fake site and recovery phrase
If you click on the fake advertisement, you end up on an additional site, called “installmetamask”. It looks like the official MetaMask website in every way:
Metamask phishing site
If the user clicks on the installation link, they are prompted to enter their recovery phrase . Its MetaMask wallet is then emptied by the people behind this phishing site.
MetaMask’s product manager, Jacob Cantele, explains that the company has tools in place to detect these types of phishing sites, but there are just too many of them :
“How can we improve ourselves? We currently have warnings posted in multiple places on our product, we maintain a phishing detector that alerts tens of thousands of malicious sites, we regularly run security-related marketing campaigns, and we have legal resources to try to bring down these sites. “
So be careful where you click. We also remind you that you should never communicate your recovery sentences if you are not sure that your interlocutor is legitimate.