"Possible security breach"?

Hi, I received an email from noreply@metamask.io with the following:
" Dear customer,

You are receiving this email because we have detected some unusual activities on our network, because malicous botnets exist on our platform taking assets away from our costumers. In order to remove a large amount of bots from our platform and to prevent this from happening to your wallet in the future, we will be terminating all wallets that have not been verified by their rightful owners. Verifying your wallet can be done via the button below.

Non-verified accounts will be terminated on Saturday, October 15, 2022. There is no way to recover your assets after your account has been terminated, so please make sure to verify your wallet as soon as possible.

Thank you for your understanding."

Is this legit or spoofed? I tried searching but didn’t see any matching threads. Thanks.

11 Likes

Hi @Hax0r ,

Welcome to the MetaMask community!

This is a scam. MetaMask does not have users’ emails. Ignore this and do not click on any of the links.

Link to a MetaMask Knowledge Base article regarding this:

13 Likes

Thanks for the info. Although now I’m getting community notifications from notifications@metamask.discoursemail.com and I had to verify the account to post this thread, so the email must be recorded by MetaMask right? But not linked for the wallet you mean?

Does MetaMask have a security team or anyone who can take down the spoofers?

8 Likes

Hi!

Great questions!

The community notifications email is from Discourse, not MetaMask. Discourse is its own platform; MetaMask uses this platform for our community forum. The email you registered on Discourse with is not shared with or stored by MetaMask; it also has no way of being tied to your wallet. You can make adjustments to your Discourse email notifications by clicking your profile picture in the upper right-hand corner of the screen, clicking the person icon, choosing Preferences, going to Emails in the left column of choices, and making adjustments there as you wish.

One personal note I want to throw in there: with all emails (crypto or not), it’s best practice to use caution. I personally try to never click on any links, and if it’s a known account or site I visit, I just go in my browser to the actual site the email is attempting to get me to click to. For example, if I receive an email from my bank, I never click links in it because phishing links are a regular scam. I would apply this rule to the Discourse emails too, not using those links but just visiting the forum where I know my message lives. Unfortunately, where there is any type of value, scammers are going to try and scam. It’s great you’re cautious and asking here. It also helps spread more awareness to others in the community! :fox_face:

Here is another MetaMask Knowledge Base article that shares some great info relating to all of this, sharing if it’s helpful!

12 Likes

Ok, thanks for your help. I just realized that I may have entered my seed phrase into another “verification” scam that was also spoofing noreply@metamask.io a while ago, so I guess that wallet is pwned and should not be used. Luckily I never put any funds there.

I want to follow Rule 9 and report this scam, where should I do that? Can I just post the domain and header data from the email here, or is somewhere else better for reporting them?

6 Likes

Yes! So sorry, you asked this in your previous post and I meant to answer it. You can report to MetaMask Help Desk. Do this by visiting support.metamask.io and click the blue ‘Start a Conversation’ bubble. This will initially connect you with a bot, but as you answer questions it will get you connected to an agent.

Provide screenshots of the emails you received, sharing the ‘from’ email of the address where it came from. If you have a site link, provide that too but do not actually visit any links/sites you have to get info. We don’t want you to get compromised while trying to report.

Support will NEVER ask to connect to your device or for your Secret Recovery Phrase.

Yes, you are 100% correct. Do not use the wallet you input your SRP (Secret Recovery Phrase) for; that was a scam.

Here are some common SRP scams -

- email verification (MetaMask does not have your email)
- text message or call (MetaMask does not have this info)
- email or notice you need to do something with your tokens because of the merge
- pop-up windows (that look legit and like they are from MetaMask) asking you to put in your SRP again
- anything asking you to verify your SRP, including any site you are visiting

If you’re logged in to your wallet, there is no reason that you should get asked for your SRP, and if you are, it’s best to be strongly suspicious.

If it’s suspicious, feel free to ask here!

Also, dropping some more articles if you find them of any interest:

4 Likes
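For the "domain and header data" a report like the one described above would carry, the following added example (not part of any post in this thread, and not MetaMask's tooling) pulls the sender domains, the receiving server's authentication verdicts, and defanged links out of a saved message without opening any link. The sample message, its domains, and the `summarize` helper are constructed for illustration; only `noreply@metamask.io` comes from the thread.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message, not the actual email discussed in this thread.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=metamask.io
From: MetaMask <noreply@metamask.io>
To: user@example.org
Subject: Verify your wallet
Content-Type: text/plain

Verify here: https://wallet-verify.example.com/start
"""

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def summarize(raw):
    """Collect report-worthy header data; never fetches or opens a link."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    # Only trust Authentication-Results added by your own mail provider.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    # Decode every leaf part so links in encoded bodies are found too.
    body = "".join(
        (p.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for p in msg.walk() if not p.is_multipart()
    )
    # Defang links so nobody handling the report clicks them by accident.
    links = [u.replace("http", "hxxp", 1).replace(".", "[.]")
             for u in re.findall(r"https?://[^\s\"'<>]+", body)]
    flags = []
    if rp_dom and rp_dom != from_dom:
        flags.append("return-path domain differs from From domain")
    if verdicts.get("dmarc") != "pass":
        flags.append("DMARC did not pass for the From domain")
    return {"from_domain": from_dom, "return_path_domain": rp_dom,
            "auth": verdicts, "links_defanged": links, "flags": flags}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```
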

Maybe consider getting a hardware wallet for an extra layer of security. One note, if you do get one buy directly from the hardware wallet company (like Ledger get from Ledger, Trezor from Trezor, etc.) and not any type of 3rd party seller. Here is an article about them:

You can check out our last ‘Get Started in Web3: All Things MetaMask’ workshop call here, there is some really great info shared in it:

3 Likes

Ok, I will try reporting the fake MetaMask spoofing emails to support.metamask.io and check out those resources you provided. Unfortunately I’m kind of familiar with scams now from another case, that’s why I’m more on top of it now.

Any idea how the scammers knew I had a MetaMask login to target me, or are they just spamming everyone randomly and they got lucky?

3 Likes

Remember - never share your Secret Recovery Phrase. The only time you’d input it is when you’re restoring your wallet (because you reset it yourself) and no other reason. :fox_face:

3 Likes

I’m so sorry to hear you were a victim of fraud. Check out that hardware wallet link for sure. Although, be sure of all the best practices with those too, or possible issues.

Your question about how scammers might know you have a MM wallet is another really good question. I saw this response recently in regards to this that I think provides good insight (I’m going to copy paste it word for word :slight_smile: ) -

It’s called spear phishing. They target users of other crypto services that do use email.

MM doesn’t collect much data. None of it is personal info.

2 Likes

That makes sense, pretty clever by the scammers. I opened a ticket with support.metamask.io (had to enter my email again lol). Thanks again for all your help!

2 Likes

You got it! Thanks for coming to ask the questions! I think with the platform for Help Desk, while you provide the email you can go to the actual site for the conversation. Just remember, support isn’t going to ask for your SRP (including QR code) or for you to input it anywhere or for you to share your device.

I meant to mention there are many more ways for people’s data to get harvested, but that was a recent share I saw that really struck home for me. Watch for social engineering, and people being able to link your online persona to you somehow. Like don’t use your name on forums, or something that could get tied back to you.

We’re here if you ever need us or have more questions! So is our help desk :slight_smile:

5 Likes
