200 Interactions, 2 today
Cybersecurity is now a must-have in today’s modern world. If IT technology progresses, data gathering inside businesses grows, but so does the risk of cyber attacks. As a result, organisations such as Facebook, Coinbase, and others have made data security a top priority.
MetaMask, a distributor of Ethereum wallets, recently tweeted about a new phishing bot operation on the social media site. Users were warned of “a new type of phishing bot,” according to the username.
According to the Crypto wallet provider’s alert, the bot tries to snatch users’ seed phrases by leading them to a bogus instant help site where they must type details into a Google doc form. This so-called text asks for a hidden recovery expression that is only known to the users’ crypto wallet.
🚨PHISHING ALERT!: a new type of phishing bot is becoming active. 🎣
👨🏻Comes from an account that looks “normal” (but few followers)
📑Helpfully suggests filling out a support form on a major site like Google sheets (hard to block).
🪝Asks for your secret recovery phrase. pic.twitter.com/EeHumnmzbE
— MetaMask (@MetaMask) May 3, 2021
However, as per the official tweet, MetaMask, the easy way to avoid this kind of phishing attack was to seek support from the “Get Help” option within the MetaMask app itself. Unlike the bot activity, the app always directed the users to its own domain.
The wallet provider also encouraged their clients to identify and bring attention to such scams, something which they could do in the app itself.
Despite the warning, some of its users had already succumbed to the scamming activity from this bot.
— Emi (@emilemuss) April 29, 2021
MetaMask, the Ethereum wallet service, and browser extension recorded 5 million monthly active users as of April 27. Due to its popularity, it is one of the top targets for hackers and scammers. In December 2020, it witnessed another similar attack, called the ‘rotten seed phrase attack’. The scammers had created a fake website that spawned seed phrases, which once installed allowed the bots to seize users’ wallets.