I Clicked A Phishing Email In MetaMask

26 81
Avatar for Eybyoung
1 year ago

Phishing emails are scammers' ways of getting access to a user's account and later stealing all the funds inside the wallet. I've read several articles that their funds in Metamask wallet were lost without them knowing how it happens. In read.cash there are two users I know that was a victim of this which is Infinity and Fexonice1. I just don't know how their account was compromised resulting to losses. Maybe they used the address for fake giveaways or open a phishing link that contains Malware.

Recently, Ethereum 2.0 merge successfully happens and the scammers find this opportunity to send Phishing emails again. This time, I fall on their tricks. It was too late until I realized there was something off with the email.

Upgrade Your MetaMask Wallet

The email looks legit at the first glance, but if you have the eye of the tiger you'll notice that it is not. It was sent last October 1, but I opened it Yesterday at midnight October 11. I was worried that I haven't upgraded the wallet since I am aware that the Ethereum upgrade happens last September. The email pops in the promotional emails, it made me wonder why it pops in there and not in regular email but I still open the email. Stupidity hits me hard, lmao.

Upon opening, it says that I failed to complete the update and that I have to manually update it by just clicking the Go To Upgrade Page. Although there seems off with the email (I won't tell, as I plan to make a separate article about it) I still click it. But if you are a keen observer, you'll notice it. Just don't spoil, okay!

Then, I was redirected to open it on my MetaMask wallet. Upon opening the browser says, error. I even clicked it several times, for Pete's sake. Until I found out, that it wasn't an email from MetaMask as I'd seen different names on the URL. I was so stupid. I realized I haven't received any emails from MetaMask ever since as they don't send emails not unless you send them first for some concerns.

I've been using MetaMask for almost two years and I haven't changed my wallet address ever since as I didn't encounter any problems with it. It was my first time falling on phishing emails as it looks legit.

I Transferred My Tokens To Paytaca Wallet For The Meantime

I was worried after realizing I opened a phishing email. I have a few tokens in my MetaMask wallet. I tried making a new wallet address using the same account and sent my tokens there. But I was still anxious so I did my research, and I found out it can still be accessible to scammers not unless I'll make a new one using a different email address and generate a new seed phrase. Especially if the CTA (Call To Action) button contains Malware. I store some of my seed phrases in my Google Notes so it's better to be safe than sorry. (But I already cleared it afterwards.)

I don't have an available device during that time to download and make a new wallet so I temporarily download the Paytaca wallet and transfer my LAW tokens in there. I still have a lot of tokens in my wallet but all of it is still very down and I didn't add the tokens yet as I cleared my Data last time to release more space.

I will slowly transfer my tokens if I have time. It is a lot of work since I used that address in all of my MetaMask transactions and I used it in Playing Pegaxy. I still have to transfer those poor horses soon. I haven't played it for ages, ughh!

My wallet doesn't have a huge amount anymore as I tried to exit on SmartBCH last time when I used the GOC bridge to BSC and sell my tokens. But my LAW still amounts to almost 10,000 pesos in our currency. It's already huge money in our currency, so I won't let the scammers get it. I was able to sell one of my Punks last time, speaking of Punks I have to transfer my two Punks too before I'll list them so scammers can't get it.

Ending Remarks

I am not new to this Phishing issue but I still fall on it. Gladly, I was wise enough to notice before I leave my wallet and move my tokens for safety purposes.

I'll make another article about “How To Spot Phishing Emails In MetaMask.” Stay tuned, so you'll avoid future phishing emails and save your ass from any future loss or damage.

Stay safe and smart!

All images are screenshots from my device.

Lead Image: MetaMask wallet in hand & Metamask logo background from Shutterstock (revised in Canva)

18
$ 7.54
$ 7.05 from @TheRandomRewarder
$ 0.10 from @emily2u
$ 0.05 from @bmjc98
+ 11
Sponsors of Eybyoung
empty
empty
Avatar for Eybyoung
1 year ago

Comments

Look at the "Due" word, Ate. A verified & legit sources won't send an email with the kind of construction, Ate. 'Yun bang may mga grammatical or punctuational errors, hehe.

And bigla kong naalala 'yung pagkawala ng almost 5K VIS ko around July yata huhuhu. Biglang nawala kahit wala naman akong ino-open na link na associated kay Metamask. Until now, palaisipan pa din for me kung ano ba talagang nangyari at biglang nawala. As in lahat ey ~ pati mga na-claimed ko na before. Di ko lang kasi ma-withdraw pa at that time kasi wala akong token na magamit for withdrawal. 😭

$ 0.00
1 year ago

same here.. natry ko na din yan sis.. buti wala naman nawala at natransfer ko agad

$ 0.00
1 year ago

buti nga sis napansin agad natin na phising nioh kaloka.

$ 0.00
1 year ago

Grabe na talaga mga scammers ngayon ma'am eybyoung. Talagang ginawan nila through emails kaya ingat talaga tayong lahat palagi ma'am.

$ 0.00
1 year ago

Katakot! 🥶 Sakin naman ngayon may nag email from coins.ph sabi need ng enhanced verification kemerut pag di ko raw venerify bago mag 13 so bale bukas na yun malilimitahan yung account ko. Ito yung screenshot ng message sakin te oh.

https://noise.cash/post/ljgx3vrx

Sabi ng ibang user wala naman silang nareceive na gaya sakin.

$ 0.00
1 year ago

Wow! This is another scope they use. I would have fall for such. I'm glad you didn't and by sharing someone like me won't fall for it if we encounter it.

$ 0.00
1 year ago

Aguy ka, maigi at mabilis ka mag act. Kaya ako never naga check ng emails ee ahahaha I mean nala off notif sya sakin so safuuuu. Anyways ingat na laang next time talaga at mahirap na.

$ 0.00
1 year ago

Ah, good to hear that at least you haven't lost anything. Scammers are getting more clever e3very day

$ 0.00
1 year ago

At least you don't lose your money. Need to be alert, all the time.

$ 0.00
1 year ago

The good thing is you are proactive in finding ways to solve it.

$ 0.00
1 year ago

Thank god you took fast action. Better be safe than sorry!

$ 0.00
1 year ago

Yes Ems, thankfully I noticed it.. indeed better be safe than sorry.

$ 0.00
1 year ago

I guess now that it has happened once, you'll be more conscious next time. I always try to verify before I click on any link anywhere.

$ 0.00
1 year ago

Yeah, I know..this was my first time for almost 2 years in Crypto space.

$ 0.00
1 year ago

You should be careful for next time. You need to take it lesson and never click on scam emails for Upgradation.

$ 0.00
1 year ago

I know, I prevented possible losses fast.. I'll be careful next time.

$ 0.00
1 year ago

At least napansin mo agad..delikado kung naexecute mo yung command..

$ 0.00
1 year ago

Di naman kasi error sya, kung may command to put seed phrase yun talaga di ko gagawin.. pero for safety lang kahit error, nilipat ko tokens ko kasi baka nga may Malware yun ang delikado.

$ 0.00
1 year ago

I have metamask on my phone and I haven't used it, but your lucky that you recover am happy for you

$ 0.00
1 year ago

Naku alam na alam din nila kung sino ung maraming token sa metamask eh

$ 0.00
1 year ago

Hahaha wrong timing naman sya halos na sold ko na lahat 🤣

$ 0.00
1 year ago

Glad I rarely check my emails to avoid such. Pero buti mabilis ka mag act na prevent mo agad. Parang FB ko lang din, feeling ko phishing din yun pero nagawa ko pa talagang ma change password ko after ko di na ma open yung account ko.

$ 0.00
1 year ago

Oo kasi nalaman ko agad kaya di ako natulog talaga bago ko malipat ang LAW tokens ko .yun na nga lang hold ko na mdjo may pag asa pa eh.

$ 0.00
1 year ago

Wag mo muna gamitin MM or create ka new. Hirap na. Or change password ka if possible pero better create a new one. Buti na lang talaga na spot mo agad.

$ 0.00
1 year ago

You are lucky that you realize that it was a scamming link in time to quickly remove your tokens, and also lucky that you don't have BCH in the wallet anymore because that's what is easier for them to remove.

I guess my case was caused by clicking on a phishing email link in my spam inbox.

$ 0.00
1 year ago

Yeah, indeed lucky because I exited SmartBCH earlier and the tokens left in my wallet are just small fragments. I just sold some Punk that is why I have LAW tokens and from the mining as well.

Indeed we should be careful with clicking Phishing Emails to avoid losses.

$ 0.00
1 year ago