MetaMask has recently warned investors about the ongoing phishing attempts by scammers, who are attempting to contact users through Namecheap’s third-party upstream system for emails.
On the evening of February 12, web hosting company Namecheap detected the misuse of one of its third-party services for sending unauthorized emails, which directly targeted MetaMask users.
In response to the alert, MetaMask reminded its million followers that it does not collect Know Your Customer (KYC) information and will never reach out over an email to discuss account details.
The phishing emails sent by the hacker contain a link that opens a fake MetaMask website requesting a secret recovery phrase “to keep your wallet secure.”
MetaMask has advised investors to refrain from sharing seed phrases as it hands complete control of the user’s funds to the hacker.
NameCheap confirmed that its services were not breached and that no customer data was leaked in this incident. Within two hours of the initial intimation, Namecheap confirmed that its mail delivery had been restored and that all communications would now be from the official source.
However, the main issue related to the mailing of unsolicited emails is still under investigation. Investors are advised to recheck website links, email addresses, and points of contact when dealing with communications from MetaMask and Namecheap.
It’s worth noting that in January, a hacker used Google Ad Services to steal non-fungible tokens (NFTs) and cryptocurrencies from investors. Therefore, it’s important to stay vigilant and be cautious when dealing with suspicious communications, especially when they involve account details and cryptocurrency transactions.
Always verify the source of any emails or links before sharing any sensitive information.
