MetaMask “Action Required” Email Scam – What You Need To Know

In recent weeks, a deceptive phishing scam has been targeting MetaMask users via email. The scam email carries the subject line “ACTION REQUIRED!!” and claims to be from MetaMask Online. It states that a suspicious login attempt has been detected, instructing the recipient to review their account settings and take action due to an alleged threat.

This is a scam designed to steal users’ private keys and drain their cryptocurrency wallets. MetaMask would never send an email asking users to connect their wallets or input private information. While the email contains some convincing details like a fake IP address and location, it should be regarded as fraudulent.

In this guide, we’ll break down exactly how the scam works, what to do if you receive the email, and steps to take if you have fallen victim to protect your funds.

Overview of the MetaMask “Action Required” Scam

The deceptive email follows a standard phishing format, instructing the recipient to take urgent action to secure their account. It contains:

  • A subject line of “ACTION REQUIRED!!,” styled with two exclamation points to spur urgency in the reader. This is a common tactic of phishing scams to get recipients to open the email quickly.
  • Claims that MetaMask Online has detected a “suspicious login attempt” to the recipient’s account. MetaMask Online is a completely fabricated entity, not associated with the real MetaMask service. Scammers utilize false claims of detecting suspicious activity to create urgency.
  • Details of the alleged suspicious login attempt, including the location, IP address, and user agent associated with it. For example, the email may state the attempt came from China, listing a random IP address and a false user agent like “Mozzila/5.0”. Scammers fabricate these credible-looking details to add legitimacy to phishing emails.
  • Instructions stating that the recipient must review their account settings immediately and verify the activity by connecting their crypto wallet. This is the trap! Scammers give firm instructions to connect wallets urgently in order to steal funds. No genuine service would make such requests by email.
  • Recommended actions for the recipient to take, such as restoring their account access by entering private keys or seed phrases. This grants the scammer full access to steal cryptocurrency.

The scam creatively combines several effective phishing techniques including:

  • Subject lines styled for urgency like “ACTION REQUIRED” in all caps with exclamation points. This triggers recipients to open the email quickly.
  • Claims of detecting “suspicious activity” to make the user feel their account is compromised. Fear is used as a powerful motivator.
  • Fake entities like “MetaMask Online” to create a false sense of legitimacy in the sender.
  • Fabricated specific details like IP addresses, locations, and browser user agents to lend credibility.
  • Firm instructions and recommended actions to “restore access” or “verify activity” by connecting wallets or inputting private keys. This grants scammers access.

The email cleverly combines urgency, official branding, and credible details to convince recipients to click links and connect their wallets. But it is entirely fraudulent, aimed at stealing funds once scammers gain wallet access. No action should be taken.

How the MetaMask “Action Required” Scam Works

The MetaMask “Action Required” phishing scam operates in distinct steps designed to steal cryptocurrency funds from victims:

1. Scam Email is Sent Out

The scammers acquire email addresses through illegal means such as malware attacks, data breaches, or purchasing lists on the dark web. They then send out the phishing email en masse to MetaMask user inboxes. The urgent “Action Required” subject line encourages recipients to open the scam message quickly.

2. Recipient Opens the Deceptive Email

Seeing the subject styled with urgency, the recipient opens the email to read further. The fabricated details seem legitimate and make the recipient worry about their wallet’s safety.

3. Fake Sender Name and Story Builds Trust

The email claims to be from “MetaMask Online,” a fake entity name crafted to sound like the real service. Claims of detecting suspicious activity such as an unauthorized login attempt build trust and heighten urgency.

Here is how the email scam might look:

Subject: ACTION REQUIRED !!
METAMASK ONLINE <supports@flowcreativeevents.com>

to XXXXX

Suspicious login attempt detected.

Review your account settings for any signs of suspicious activity.

This access was from the following source:

Location
China

IP Address
61.121.143.22

Agent
Mozzila/5.0 (Linux; U; Android 2.2)

Verify activity

Here are some recommended actions you might want to take.

In this case, your account might be at risk. Follow these steps immediately:

Connect your wallet to restore access to your account and lift the quarantine status.

4. Technical Details Add Legitimacy

Specifics like an alleged source IP address, physical location, and browser user agent make the suspicious activity alert seem real. But the IP and user agent are completely fabricated.

5. Instructions Trigger Immediate Action

Instructions in the email urge the recipient to “connect wallet immediately” and “restore access” to verify the suspicious activity. This creates urgency to take action through the provided links.

6. Recipient Clicks Fraudulent Links

Believing the urgency and details in the scam email, the recipient clicks on a fraudulent link provided. This leads to a fake site cloned to mimic the real MetaMask login page.

7. User Inputs Private Key on Fake Site

On the cloned scam site, the recipient enters their seed phrase or private account key believing they are securing their wallet. But this grants the scammer full access.

8. Scammer Empties the Victim’s Wallet

Within minutes of gaining access through the inputted private key, the scammers rapidly drain the victim’s cryptocurrency wallet, transferring funds to their own wallets.

9. Scam Completes as Victim Loses Funds

The victim is disconnected from their drained wallet, having lost all of their cryptocurrency funds to the scammers in a matter of minutes. The phishing scam is complete.

10. Scammer Vanishes Without a Trace

With the victim’s funds in their possession, the scammers disconnect and disappear. They cover their tracks to remain anonymous, leaving the victim with no recourse to recover stolen funds.

By understanding each step in the scam process, MetaMask users can recognize the warning signs and avoid missteps before it’s too late. Never enter private keys or seed phrases on a site reached through an unsolicited email link.

What to Do If You Receive the Scam Email

If the fraudulent MetaMask email lands in your inbox, here are the steps to take:

  • Do Not Click Any Links: The email contains fraudulent links. Do not click them under any circumstances.
  • Check the Sender Address: The email does not come from an official MetaMask domain. Double check the sender address.
  • Forward to Phishing@metamask.io: Forward the scam email to MetaMask’s phishing address to report it. This helps them identify threats.
  • Ignore Instructions: Disregard all instructions in the email urging you to restore access or verify activity. MetaMask would never make such requests by email.
  • Do Not Reply: Do not engage with the scammer or reply to the email in any way.
  • Refresh Bookmarks: Refresh your MetaMask bookmarks in case the scam email came from a compromised legitimate address.
  • Run Security Checks: Scan your device for malware in case your address was compromised through malware or a breach.
  • Monitor Account Activity: Log into your verified MetaMask account to monitor activity and ensure no unauthorized access has occurred.

Following these steps can help protect you from being deceived or falling victim to the scam.
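
The sender-address check above can be automated when triaging a mailbox. The following Python sketch is an added example, not code from MetaMask or from this article's author; the allow-list, the indicator names and the sample message are assumptions, with the sample constructed from the scam email quoted earlier.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: allow-list of sender domains treated as official (metamask.io is
# the domain of the reporting address given in this article). Adjust as needed.
OFFICIAL_DOMAINS = {"metamask.io"}
BRAND = re.compile(r"meta\s*mask", re.I)
URGENT = re.compile(r"action required|urgent|immediately", re.I)
WALLET_LURE = re.compile(
    r"connect your wallet|seed phrase|recovery phrase|private key", re.I)

# Constructed sample, assembled from the scam text quoted in this article.
SAMPLE = """\
From: METAMASK ONLINE <supports@flowcreativeevents.com>
To: user@example.com
Subject: ACTION REQUIRED !!

Suspicious login attempt detected.
Review your account settings for any signs of suspicious activity.
Connect your wallet to restore access to your account and lift the quarantine status.
"""


def is_official(domain):
    """True for an allow-listed domain or one of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)


def phishing_indicators(raw):
    """Return the names of the warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    found = []
    # Display name uses the brand, but the address is on an unrelated domain.
    # A matching domain alone proves nothing: From can be spoofed, so the
    # SPF/DKIM/DMARC results still need checking.
    if BRAND.search(display) and not is_official(domain):
        found.append("brand_domain_mismatch")
    if URGENT.search(str(msg.get("Subject", ""))):
        found.append("urgent_subject")
    if WALLET_LURE.search(body):
        found.append("wallet_lure")
    return found


if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

All three indicators fire on the sample; a message that triggers none of them is not thereby proven safe.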

What to Do If You Fell Victim to the Scam

If you already connected your wallet or input your private key into a fake MetaMask site through the scam email, here are the steps to take immediately:

  1. Disconnect Wallet: If still connected, immediately disconnect your wallet from the scam site.
  2. Transfer Remaining Funds: Check your wallet balance and transfer any remaining funds to a new, uncompromised wallet address.
  3. Get New Wallet: Generate a wholly new wallet with a fresh seed phrase. Make sure your device is clean.
  4. Inform Exchanges: Contact any linked exchanges to inform them your previous wallet was compromised. Enact enhanced security protocols.
  5. Scan for Malware: Run malware scans to check if any remote access malware was installed. Remove any infections found.
  6. Reset Passwords: Change passwords on all crypto-related accounts, including exchanges. Enable 2FA for enhanced security.
  7. Contact MetaMask Support: Reach out to MetaMask support to notify them of the scam so they can attempt to track the scammers.
  8. Report to Authorities: File reports about the scam with local law enforcement and cybercrime authorities so they can investigate further. Provide all details available.

Though losses may not be recoverable, these steps can help secure your new wallet and re-establish protections against future scams. Learn from the experience and arm yourself with knowledge against the next attempt.

Frequently Asked Questions About the MetaMask “Action Required” Scam

1. What is the MetaMask “Action Required” scam email?

The “Action Required” scam is a phishing email sent to MetaMask users claiming that a suspicious login attempt was detected. It instructs users to urgently connect their wallet to verify activity. This is a scam to steal crypto funds. The email is not from MetaMask.

2. What details are included in the phishing email?

The email includes a subject line “ACTION REQUIRED!!” to spur urgency. It claims to be from “MetaMask Online” and states suspicious activity was seen from an IP address and location. It provides instructions to connect your wallet immediately.

3. Is MetaMask Online a real company?

No, MetaMask Online is a fake entity used by scammers to make the email seem legitimate. MetaMask would never contact users this way.

4. What is the goal of this phishing scam?

The goal is to trick users into clicking links in the email and connecting their cryptocurrency wallets. This grants the scammers access to steal funds from the wallet.

5. How can I identify this MetaMask scam email?

Look for an urgent subject line demanding action, claims of suspicious activity, instructions to connect your wallet, and an entity like “MetaMask Online” as the sender.

6. What should I do if I receive this scam email?

Do not click any links, forward the email to phishing@metamask.io, check the sender address, ignore all instructions, and monitor your verified MetaMask wallet account.

7. What steps should I take if I fell for the scam?

Disconnect your wallet immediately, get a new wallet and seed phrase, inform exchanges, run malware scans, reset account passwords, contact MetaMask support, and report the scam to authorities.

8. How can I prevent falling for the MetaMask phishing scam?

Never click links in unsolicited emails, double check sender addresses, avoid entering seed phrases anywhere, use 2FA on your wallet, and monitor account activity closely.

9. Who is responsible for this phishing scam targeting MetaMask users?

Cybercriminal groups are likely behind the scam, obtaining email lists through illegal means. MetaMask is not responsible but does assist law enforcement investigations.

10. Where can I learn more about cryptocurrency phishing scams?

MetaMask’s website has guides on identifying phishing scams. Crypto news sites also provide scam warnings as new threats emerge targeting the crypto community.

The Bottom Line

The MetaMask “Action Required” phishing scam is a crafty deception aimed at draining victims’ crypto wallets by exploiting urgency and emotion. But armed with the knowledge of how the scam operates, users can avoid the trap.

Be vigilant against phishing, never click suspicious links, use 2FA, and monitor wallet activity closely. If unfortunately ensnared, cut losses, get a new secure wallet, and report the scam to all appropriate authorities. There are always nefarious actors looking to steal crypto through deception – but an informed community can guard against them.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.