I Clicked A Phishing Email In MetaMask
Phishing emails are scammers' ways of getting access to a user's account and later stealing all the funds inside the wallet. I've read several articles that their funds in Metamask wallet were lost without them knowing how it happens. In read.cash there are two users I know that was a victim of this which is Infinity and Fexonice1. I just don't know how their account was compromised resulting to losses. Maybe they used the address for fake giveaways or open a phishing link that contains Malware.
Recently, Ethereum 2.0 merge successfully happens and the scammers find this opportunity to send Phishing emails again. This time, I fall on their tricks. It was too late until I realized there was something off with the email.
Upgrade Your MetaMask Wallet
The email looks legit at the first glance, but if you have the eye of the tiger you'll notice that it is not. It was sent last October 1, but I opened it Yesterday at midnight October 11. I was worried that I haven't upgraded the wallet since I am aware that the Ethereum upgrade happens last September. The email pops in the promotional emails, it made me wonder why it pops in there and not in regular email but I still open the email. Stupidity hits me hard, lmao.
Upon opening, it says that I failed to complete the update and that I have to manually update it by just clicking the Go To Upgrade Page. Although there seems off with the email (I won't tell, as I plan to make a separate article about it) I still click it. But if you are a keen observer, you'll notice it. Just don't spoil, okay!
Then, I was redirected to open it on my MetaMask wallet. Upon opening the browser says, error. I even clicked it several times, for Pete's sake. Until I found out, that it wasn't an email from MetaMask as I'd seen different names on the URL. I was so stupid. I realized I haven't received any emails from MetaMask ever since as they don't send emails not unless you send them first for some concerns.
I've been using MetaMask for almost two years and I haven't changed my wallet address ever since as I didn't encounter any problems with it. It was my first time falling on phishing emails as it looks legit.
I Transferred My Tokens To Paytaca Wallet For The Meantime
I was worried after realizing I opened a phishing email. I have a few tokens in my MetaMask wallet. I tried making a new wallet address using the same account and sent my tokens there. But I was still anxious so I did my research, and I found out it can still be accessible to scammers not unless I'll make a new one using a different email address and generate a new seed phrase. Especially if the CTA (Call To Action) button contains Malware. I store some of my seed phrases in my Google Notes so it's better to be safe than sorry. (But I already cleared it afterwards.)
I don't have an available device during that time to download and make a new wallet so I temporarily download the Paytaca wallet and transfer my LAW tokens in there. I still have a lot of tokens in my wallet but all of it is still very down and I didn't add the tokens yet as I cleared my Data last time to release more space.
I will slowly transfer my tokens if I have time. It is a lot of work since I used that address in all of my MetaMask transactions and I used it in Playing Pegaxy. I still have to transfer those poor horses soon. I haven't played it for ages, ughh!
My wallet doesn't have a huge amount anymore as I tried to exit on SmartBCH last time when I used the GOC bridge to BSC and sell my tokens. But my LAW still amounts to almost 10,000 pesos in our currency. It's already huge money in our currency, so I won't let the scammers get it. I was able to sell one of my Punks last time, speaking of Punks I have to transfer my two Punks too before I'll list them so scammers can't get it.
Ending Remarks
I am not new to this Phishing issue but I still fall on it. Gladly, I was wise enough to notice before I leave my wallet and move my tokens for safety purposes.
I'll make another article about “How To Spot Phishing Emails In MetaMask.” Stay tuned, so you'll avoid future phishing emails and save your ass from any future loss or damage.
Stay safe and smart!
All images are screenshots from my device.
Lead Image: MetaMask wallet in hand & Metamask logo background from Shutterstock (revised in Canva)
Look at the "Due" word, Ate. A verified & legit sources won't send an email with the kind of construction, Ate. 'Yun bang may mga grammatical or punctuational errors, hehe.
And bigla kong naalala 'yung pagkawala ng almost 5K VIS ko around July yata huhuhu. Biglang nawala kahit wala naman akong ino-open na link na associated kay Metamask. Until now, palaisipan pa din for me kung ano ba talagang nangyari at biglang nawala. As in lahat ey ~ pati mga na-claimed ko na before. Di ko lang kasi ma-withdraw pa at that time kasi wala akong token na magamit for withdrawal. 😭