Soldier
Regular
- Joined
- 20.10.20
- Messages
- 88
- Reaction score
- 739
- Points
- 83
Users of the MetaMask cryptocurrency wallet have become victims of the current phishing campaign, in which criminals use Google ads to steal money. Victims lost their savings after clicking on a fraudulent ad promoted in a search query as the MetaMask site.
All messages from victims describe the same scenario — the money was lost after trying to install an extension for the MetaMask site. The user goes to the fake phishing page MetaMask through Google ads. Once on the page, they are asked to install an extension that will supposedly allow them to either import an existing wallet or create a new one. If the user clicks the "Create wallet" button, they will be redirected to the real site MetaMask.io. However, if they click on the "Import wallet" option, they will be prompted to enter the keyword of their existing wallet, which will then be sent to the attacker. As soon as the fraudster receives the passphrase, he will start stealing funds from the victim's wallet.
The scammers bought the ad to target a malicious campaign on users who search for MetaMask in the Google search engine. The criminals registered several domain names for fraud: maskmefa[.]Io, maskmeha[.]io, installmetamask [.] com, and meramaks [.] io. They were all created through the same NameCheap Registrar.
All messages from victims describe the same scenario — the money was lost after trying to install an extension for the MetaMask site. The user goes to the fake phishing page MetaMask through Google ads. Once on the page, they are asked to install an extension that will supposedly allow them to either import an existing wallet or create a new one. If the user clicks the "Create wallet" button, they will be redirected to the real site MetaMask.io. However, if they click on the "Import wallet" option, they will be prompted to enter the keyword of their existing wallet, which will then be sent to the attacker. As soon as the fraudster receives the passphrase, he will start stealing funds from the victim's wallet.
The scammers bought the ad to target a malicious campaign on users who search for MetaMask in the Google search engine. The criminals registered several domain names for fraud: maskmefa[.]Io, maskmeha[.]io, installmetamask [.] com, and meramaks [.] io. They were all created through the same NameCheap Registrar.