Cybersecurity has become essential in today’s digital world. As IT tech advances, data collection within companies continues to increase, but so do the possibility of cyber threats. So, the question of keeping data secure has been an important priority for companies like Facebook, Coinbase etc.
According to the warning from the Crypto wallet provider, the bot attempts to steal users’ seed phrases by directing them to a fake instant support portal where the users required to enter information into a Google doc form. This so-called document requests a secret recovery phrase that is confidential to users’ crypto wallet.
🚨PHISHING ALERT!: a new type of phishing bot is becoming active. 🎣
👨🏻Comes from an account that looks “normal” (but few followers)
📑Helpfully suggests filling out a support form on a major site like Google sheets (hard to block).
🪝Asks for your secret recovery phrase. pic.twitter.com/EeHumnmzbE
— MetaMask (@MetaMask) May 3, 2021
However, as per the official tweet, MetaMask, the easy way to avoid this kind of phishing attack was to seek support from the “Get Help” option within the MetaMask app itself. Unlike the bot activity, the app always directed the users to its own domain.
The wallet provider also encouraged their clients to identify and bring attention to such scams, something which they could do in the app itself.
Despite the warning, some of its users had already succumbed to the scamming activity from this bot.
— Emi (@emilemuss) April 29, 2021
MetaMask, the Ethereum wallet service, and browser extension recorded 5 million monthly active users as of April 27. Due to its popularity, it is one of the top targets for hackers and scammers. In December 2020, it witnessed another similar attack, called the ‘rotten seed phrase attack’. The scammers had created a fake website that spawned seed phrases, which once installed allowed the bots to seize users’ wallets.