MetaMask Crypto-Wallet Theft Skates Past Microsoft 365 Security
Researchers have uncovered an email-based credential-phishing attack targeting users of MetaMask, a cryptocurrency wallet used to interact with the Ethereum blockchain. The campaign is directed at Microsoft 365 (formerly Microsoft Office 365) users and has targeted multiple organizations across the financial industry.

According to the Armorblox research team, the attack starts with a socially engineered email that looks like a MetaMask verification email and contains a link. Users who click the link are taken to a spoofed MetaMask verification page, where they are asked to verify their wallet and told that non-compliance would result in limited access to their wallets.

The fake landing page uses MetaMask logos and branding to closely resemble the real log-in page, and it uses urgent language to encourage compliance with the Know Your Customer (KYC) verification request. “In order to get the victim to comply with the request and exfiltrate sensitive data, attackers included language within both the body of the email and the fake landing page that denoted a sense of urgency, making it known that time was of the essence,” the Armorblox post notes.