For those who don’t know it, Metamask is one of the biggest cryptocurrency wallet platforms. In recent times, it’s become a new target for scammers with the so-called metamask text message scam. Metamask users have also received this message through email. The message alerts users of a blockage in their crypto wallets, and urges them to click to a link to recover it; a very similar modus operandi as in a debit card scam text message.
Most of the scam text messages and emails work like that: they tell users to act quickly and click the link they share in their messages. The metamask text message scam leads to a fake page that even uses the company’s branding, making it much more convincing to distracted users. After entering information on it, users will have their security details compromised. Please note that this blog is not legal advice.
How Does the Metamask Text Message Scam Work?
The metamask text message scam is an SMS message that states that your wallet will be suspended if you don’t enable their SMS authentication system. Along with this text, you’ll find a shortened link that looks like this: service-metamask.io. You can tell right away this is a scam text message because Metamask’s URL is actually metamask.io. And if you take a quick look at its website, there’s no service-metamask URL.
The content and even the shortened links vary, but in general, this is how the scam text message looks like:
“We inform you that your wallet will be suspended if you do not activate the sms authentication system: hxxps://login-metamask[.]io/”
Once those unaware users click the link, they’ll get a fake page that urges them to add their recovery phrase. The page is extremely convincing because it uses Metamask’s logo, fonts, colors, and practically mimics the company’s branding. But if users share their information, their wallet’s security gets seriously compromised, as scammers already have the information they provided.
The scam text message also has an email version with very similar traits: it also uses Metamask’s branding and tells the recipient to verify their wallets before it’s suspended. By clicking the ‘verify your wallet’ button in the email, users are led to a website that asks them to enter their recovery phrase.
Things You Can Do If You Receive This Message
1. Don’t Act Brashly
Scammers know that sometimes people don’t even read what they receive. That’s their advantage. If you have an account with Metamask and receive this type of message or email, go to their real website and contact the company before taking any actions.
2. Check The Links
Don’t click on any suspicious link. As soon as you do that, you’d be exposed to identity theft or let scammers install malware. As mentioned before, take a look at the link’s format: you’ll very likely find out that it’s different from the company’s actual website. That tells you right away that you received a suspicious text message.
3. Delete and Report the Message
Go to the list of received text messages, tap Delete and select the ‘Report Junk’ option. You can also copy the message and forward it to 7726; which helps wireless providers spot and block similar messages.
