The MetaMask Wallet Will Be Suspended Email Scam Explained
Written by: Thomas Orsolya
Published on:
If you are a regular user of MetaMask’s popular crypto wallet service, you may have recently received an email claiming your wallet is at risk of being suspended. This official-looking message urges you to verify your account immediately to avoid suspension. However, it is all a scam designed to steal your crypto assets.
In this comprehensive guide, we will break down exactly how the MetaMask Wallet Will Be Suspended scam works, providing you with the knowledge needed to avoid falling victim. By understanding the tactics used in this phishing campaign, you can keep your digital assets safe.
This article contains:
Scam Overview
The MetaMask Wallet Will Be Suspended scam starts with an email crafted to appear as if it originates from the official MetaMask service. The message within the email claims that according to their systems, your MetaMask wallet has not been properly verified.
It goes on to state that due to an upcoming update related to NFT and cryptocurrency trading, all unverified wallets will be suspended as of a set date. This date is usually a few days or weeks after the scam email was sent, creating a sense of urgency.
To avoid the supposed suspension, the email provides a link or button to easily verify your wallet immediately. However, this link does not lead to a MetaMask domain. Instead, it goes to a nearly identical phishing site designed specifically to mimic the real MetaMask wallet login page.
If a user is tricked into clicking the fraudulent verification link, the fake MetaMask login page asks them to enter their 12 or 24-word recovery phrase to “confirm” their identity. However, this extremely sensitive information would provide full access for criminals to compromise the victim’s real MetaMask wallet and steal potentially thousands of dollars worth of crypto assets.
This social engineering tactic works by instilling anxiety in the email recipients that their MetaMask account is at risk. The professional design and language used in the scam messages lend credibility to the verification request. Many users understandably feel the need to comply, especially with an apparent deadline given before the promised suspension date.
By catching people off guard with an urgent demand from what appears to be a trusted service, the scammers behind the MetaMask Wallet Will Be Suspended phishing scheme are able to successfully steal recovery phrases and access wallet contents. But understanding exactly how their system functions allows users to detect and avoid these crypto theft attempts.
Anatomy of the MetaMask Wallet Will Be Suspended Scam Emails
The scam emails sent out as part of the MetaMask Wallet Will Be Suspended phishing campaigns share common traits in their design and wording. Recognizing these patterns makes it easier to identify and avoid these fraudulent messages.
Here are some of the notable features found in many examples of the phishing emails:
Sender address – While the name might say “MetaMask,” the sending address does not actually come from an @metamask.io domain. Pay attention to the details here.
Subject line – Most examples state “Your MetaMask wallet will be suspended!” or something similar regarding an account suspension threat.
Greeting – A generic greeting like “Dear customer” or “Dear user” is used instead of your name, showing the message was mass-sent.
Body content – The text claims your wallet requires immediate verification due to a site update, or else suspension will automatically occur by a specific date.
False sense of security – The content assures the urgency is for your safety and that MetaMask cares about its users.
Verification link – A button or link within the email leads to convincing fake MetaMask login pages to phish your recovery phrase.
Closing signature – The message closes with “The MetaMask Team” or a similar unofficial designator.
Once aware of these patterns found in the scam emails, it becomes much easier to detect fraudulent messages and avoid their phishing links. But understanding how the sites themselves operate is also crucial.
Anatomy of the Fraudulent MetaMask Verification Sites
If you do click on a wallet verification link from a scam email, you will be directed to convincingly designed fake MetaMask login pages. These sites are specifically crafted to mirror the authentic MetaMask wallet site in design, fonts, colors, graphics and branding.
But a close inspection reveals discreet flaws proving the site is an imposter. Watch for these signs you are on a phishing version rather than the real wallet login page:
Domain name – Hover over the URL and you’ll see it is not a real metamask.io site, but another domain impersonating it.
Spelling errors – Phishing sites often contain typos within text content that the legitimate site would not have.
Contact links – Any site footer links leading to fake MetaMask social media or support pages.
Login emphasis – The site focuses heavily on prompting your wallet recovery phrase rather than allowing app access.
Once spotted, these signals make it clear the page is a scam. But the site will still attempt to convince you to enter your recovery phrase by whatever means necessary…
The fraudulent MetaMask verification site will claim that this sensitive data is required for “confirmation” purposes before your access is restored. Without this wallet passphrase, the scammers claim you risk losing your account and assets.
However, real MetaMask services would never directly ask users for their recovery phrase or password under any circumstances. Anyone providing this data hands the scammers total control to drain their funds.
Now that you understand exactly how these scammers build convincing phishing emails and sites to obtain access to crypto wallets, it is vital to learn how to protect yourself and respond appropriately if targeted…
How the Scam Works
The MetaMask Wallet Will Be Suspended phishing scam operates in four key stages to successfully steal funds from victims who unfortunately take the bait:
1. Sending Fraudulent Warning Emails
The first step of the scam is distributing convincing warning emails to as many MetaMask users as possible. Using purchased email lists and scraping addresses from sources online, the scammers blast out messages en masse.
Subject lines are designed to create urgency, stating your wallet requires immediate verification or suspension will occur soon. The body content references an upcoming update that demands account confirmation for security purposes.
A fraudulent link buried in the text leads to the next stage when clicked by concerned recipients. All content is crafted to appear as if MetaMask itself sent these crucial warnings.
Here is how the scam email might look:
MetaMask
Dear customer, Our system has shown that your Metamask has not yet been verified. This verification can be done easily on the page below. Due to the new update of NFT’s & Coins, all unverified accounts will be suspended on [date]
We’re sorry for any inconvenience we cause with this, but please keep in mind that our intention is to keep our customers safe and happy.
VERIFY MY WALLET
2. Directing Users to Fake MetaMask Sites
Once a user clicks the misleading verification link, it sends them to elaborately designed phishing pages mimicking the real MetaMask login site. Using the official branding and visuals, it becomes difficult for many to recognize the site is fake.
These impersonator sites are set up specifically to harvest your wallet recovery phrase in the next stage. All content focuses heavily on prompting you to input this data, rather than letting you access your account.
Subtle flaws like incorrect domains and spelling errors may reveal the site is fraudulent, but scammers still succeed in deceiving some at this point.
3. Tricking Users into Providing Their Recovery Phrase
Even if the site seems suspicious, the scammers use urgency and supposed threats of account suspension to trick victims into giving up their recovery phrase.
Convincing text explains this sensitive data is required as an identity confirmation measure before the imminent deadline. Unfortunately, some victims enter their full recovery phrase at this point, playing right into the scammers’ hands.
Once submitted, this passphrase provides the scammers with everything they need to access and drain the user’s MetaMask wallet on the real service.
4. Stealing Funds from Compromised Wallets
Using the recovery phrases they have successfully phished from victims, the scammers rapidly take over accounts on the legitimate MetaMask site to remove any crypto assets within.
Victims may receive another email claiming further confirmation is still needed and urging them to submit even more sensitive data. In their panic, some comply, allowing scammers to fully control and wipe out the wallet.
Within hours or days of a user falling for the phishing site prompts, their wallet is emptied and crypto holdings transferred away before they realize what happened. This is how providing the recovery phrase, even to a fake site, leads to the loss of all assets.
Now that you’re aware of each step in the scam process, you can identify the warning signs and ensure your wallet stays secure.
What to Do if You Have Fallen Victim to This Scam
If you did submit your recovery phrase or other login details to a MetaMask verification phishing site, all hope is not lost. Here are the steps to take right away if you realize you’ve been scammed:
Do not submit any more information to the scammers. Even if you receive further emails requesting additional confirmation, do not comply.
Check your real MetaMask wallet immediately. Log into the real wallet app or site to assess if any assets have been stolen yet. Move them to a new wallet for safety if possible.
Change your password. Update your real MetaMask account password to one the scammers do not have access to. Enable 2-factor authentication as well for added security.
Contact MetaMask support. Inform them of the phishing attempt and loss of funds so they can potentially help recover access or track
Report the scam. File reports with the FTC and IC3 to make authorities aware of the phishing campaign targeting MetaMask users. The more claims submitted, the more likely action will be taken to stop these scammers.
Scan devices for malware. Phishing links could install dangerous malware used to spy on your activity and steal crypto wallet data. Run scans to remove anything suspicious.
Avoid links from unknown senders. Be wary of clicking links in emails from unverified senders in the future to protect yourself from phishing risks going forward. Verify safety through separate channels before clicking.
Use a crypto wallet with added security features. Choose a wallet service like MetaMask that offers additional measures like address whitelisting or multi-signature transactions to limit future scam impact.
Learn the signs of phishing attempts. Now that you have seen these tactics firsthand, brush up on how to detect fraudulent emails, sites, and requests so you can stay safe. Understanding common tricks like urgency, impersonation, and threat of account suspension makes it far easier to avoid being fooled by scams going forward.
Is Your Device Infected? Check for Malware
If your device is running slowly or acting suspicious, it may be infected with malware. Malwarebytes Anti-Malware Free is a great option for scanning your device and detecting potential malware or viruses. The free version can efficiently check for and remove many common infections.
Malwarebytes can run on Windows, Mac, and Android devices. Depending on which operating system is installed on the device you’re trying to run a Malwarebytes scan, please click on the tab below and follow the displayed steps.
Malwarebytes For WindowsMalwarebytes For MacMalwarebytes For Android
Scan your computer with Malwarebytes for Windows to remove malware
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes for Windows
You can download Malwarebytes by clicking the link below.
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Your computer should now be free of trojans, adware, browser hijackers, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Scan your computer with Malwarebytes for Mac to remove malware
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
Your Mac should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Scan your phone with Malwarebytes for Android to remove malware
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
Your phone should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
Frequently Asked Questions about the Fake MetaMask Wallet Will Be Suspended Scam
1. What is the fake MetaMask Wallet Will Be Suspended scam?
The fake MetaMask Wallet Will Be Suspended scam is a phishing campaign where scammers send out fraudulent emails pretending to be from MetaMask. These emails claim your wallet is at risk of being suspended and must be immediately verified. They provide links to fake MetaMask login pages designed to steal your recovery phrase and crypto assets.
2. How do I recognize a fake MetaMask verification email?
Fake verification emails often come from non-MetaMask addresses. They have urgent subject lines about needing to verify your wallet. The content warns your account faces suspension without quick confirmation. Links lead to phishing sites instead of the real metamask.io site.
3. What happens if I click the verification link?
The link goes to elaborate phishing sites pretending to be the real MetaMask login page. They may look convincing, but inspect the URL to reveal an incorrect domain name. These fake sites are designed to trick you into entering your recovery phrase, allowing scammers to steal your crypto.
4. Why should I never enter my recovery phrase on these sites?
Your recovery phrase provides full access to your MetaMask wallet. Real MetaMask services would NEVER ask directly for this sensitive information. Submitting it to scammers gives them everything they need to take your crypto assets.
5. What steps should I take if I gave scammers my recovery phrase?
If you realize you submitted your recovery phrase to a fake site, take these steps immediately:
Check your real MetaMask wallet to see if assets are stolen. Move them if possible.
Change your real MetaMask password and enable 2FA.
Contact MetaMask support about the phishing attempt.
Report the scam to authorities like the FTC and IC3.
Run malware scans in case the site infected your device.
Never submit more info to the scammers even if they request it.
6. How can I better protect myself from phishing scams in the future?
Verify sender addresses and links fully before clicking.
Learn to recognize signs of phishing attempts like threats and urgency.
Use wallets with enhanced security features like whitelists.
Never provide sensitive account info unless you have confirmed legitimacy.
Keep aware of the latest crypto phishing techniques being used.
7. What should I do if I see a MetaMask phishing email?
If you receive an email you suspect is a MetaMask phishing scam, report it immediately as fraudulent. Alert MetaMask support as well with details about the scam attempt. Delete the message and do not click any links within it.
The Bottom Line
The MetaMask Wallet Will Be Suspended phishing scam is a dangerous fraud sweeping the crypto space that all users need to be aware of. By learning the typical features of the scam emails and fraudulent login pages, you can keep yourself from falling victim.
If you do mistakenly provide your recovery phrase or other details to an imposter site, take immediate action to secure your assets, regain control of your account, report the scam, and implement enhanced security precautions.
While the tactics used in phishing campaigns like this MetaMask Wallet Will Be Suspended scam can be highly convincing, awareness of their techniques allows you to recognize and avoid them. By spreading awareness, implementing safety measures, and taking swift action if targeted, users can help mitigate the risk these scammers pose to the crypto community.
How to Stay Safe Online
Here are 10 basic security tips to help you avoid malware and protect your device:
Use a good antivirus and keep it up-to-date.
It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.
Keep software and operating systems up-to-date.
Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.
Be careful when installing programs and apps.
Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."
Install an ad blocker.
Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.
Be careful what you download.
A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.
Be alert for people trying to trick you.
Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.
Back up your data.
Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.
Choose strong passwords.
Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.
Be careful where you click.
Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.
Don't use pirated software.
Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.
To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.
Meet Thomas Orsolya
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
