I’d recently checked my email spam folder because I was expecting a digital billing statement receipt that didn’t seem to be in my inbox (it arrived a few minutes late).
The top email in my spam email folder was from a sender called “Service Client” (email: [email protected]) – indicating that the scammers own/operate an eyeglasses repair website “WorldOptic.com” (might just steal eye-wear rather than repair).
This address is spamming cryptocurrency-related emails en masse in hopes that a subset of cryptocurrency investors/users fall for a scam warning them about their MetaMask wallet.
MetaMask “KYC” scam email (2022)
Below is the exact wording of the MetaMask scam email I recently received.
Jump into the Decentralized Web with MetaMask
Your MetaMask wallet will be suspended!
Dear Meta customer,
Our system has shown that your MetaMask Wallet has not yet been KYC verified.
This verification can be done easily online with the below displayed connection.
Due to the recently update of NFT’s, all unverified accounts will be suspended on: Friday, 1 July, 2022. We’re sorry for any inconvenience we cause with this.
Visit our website to start the security procedure: metamask.io/wallet-identification (Actual destination: Hould.info).
Please keep in mind that our intention is to keep our customers safe and happy.
Thank you for your understanding.
The MetaMask Team
ConsenSys, 49 Bogart St, New York, NY 11206, United States
Analysis of the MetaMask KYC scam email…
I knew that this was likely a scam because it was automatically flagged as spam by my email provider.
Reading the email while paying attention to detail, I noticed many major red flags:
Email address: [email protected]
An [alleged] eyeglasses repair website (could be a complete scam as well).
If this site isn’t a scam – the scammers have a side hustle: eyeglasses repair (or the eyeglasses repairers have a side hustle: crypto scamming).
“Dear Meta customer” – horrible wording right from the jump… Meta (not MetaMask) and “customer” (instead of user).
“Any inconvenience we cause with this” – poor wording again (should probably be something like “we apologize for the inconvenience”).
“Recently update of NFT’s” (LOL – should be recent update associated with NFTs or something).
The word “will” was spelled with one “L” instead of 2 (as though MetaMask wouldn’t spellcheck their emails).
I guess at first glance someone quickly reading the email might not even realize the misspelling.
I’m fairly surprised the scammers don’t bother using spellcheck.
The following URL does not exist: MetaMask.io/wallet-identification.
The text for the URL (MetaMask.io/wallet-identification) does NOT match the destination URL (if you hover your cursor over the link you’ll see).
As I mentioned, the destination URL is Hould.info (LOL – maybe HODL.info was taken or maybe the scammers can’t spell IDK).
Who formats the date in email text as Friday, 1 July, 2022?
Obviously some scammers that aren’t familiar with how dates are written outside of their countries.
Perhaps this formatting makes residents of certain countries more likely to get scammed than others? (Scam email split testing with a revised date format J/K).
Certain lines had larger font sizes and an atypical coloration that would not be expected in most emails.
I’m also not convinced that MetaMask would use an exclamation point in the opening line of the email!
No MetaMask logo
Some MetaMask scam emails might have the MetaMask logo included as an added layer of trickery.
However, this email didn’t even contain the MetaMask “fox” logo – which is another red flag (although it’s possible that the logo was filtered out by spam protection or something).
MetaMask won’t email people…
I Googled whether MetaMask ever sends emails about KYC verification.
The top result on Google from the official MetaMask.io website stated that MetaMask never collects personal information and doesn’t even know your email.
If they don’t know your email – how could they send you an email? LOL.
How this specific MetaMask email scam works…
Included below are the details of this specific MetaMask email scam.
Trigger panic (induce fear)
Most scam emails are designed to induce a panic response such that you act quickly without thinking things through.
In this particular case, they’ve included the catchphrase “important notification” as the email title.
The very first sentence of the email “Your MetaMask Wallet will be suspended!” is: (A) bolded; (B) colored blue; and (C) larger font than the rest of the email – and includes an exclamation point!
If you keep reading – the email warns you that there’s a task you need to complete (KYC verification) or else your MetaMask “account” will be suspended by a specific date (in this case July 1, 2022).
This date inclusion is a win-win for them because if you see a date coming up you’ll be compelled to take action quickly – and if you see the email after the date you might panic even more – worrying that your account is gone forever.
Incentivize link clicking
The scammers include a written URL: MetaMask.io/wallet-identification (this isn’t even a real URL).
Although MetaMask.io is a legitimate website for MetaMask – the URL MetaMask.io/wallet-identification does NOT exist. Why? Because MetaMask does NOT do KYC.
And if you actually view the link address in my specific MetaMask scam email – it is a long string: http://post.spmailtechn.com/(extremely long string of numbers, letters, and symbols).
The final destination URL is: https://hould.info/logo/index.php.
That said, others may take you to a website that’s similar in both writing and domain destination to the actual MetaMask site such as MetaMaskIO-KYC.io or something weird.
Keep in mind that the destination URLs may vary among competing scammers and/or change over time.
The destination link for this MetaMask scam may be different for you than myself – scammers commonly alter destination URLs for a variety of reasons.
The destination URL will not be the actual MetaMask.io – but may use MetaMask’s real logo to fake you into thinking that it’s the real MetaMask.
Collect personal information
From the second you actually click on the link – the scammers have “trackers” that will know that the link was clicked (perhaps by your specific email).
If you clicked on the link in the MetaMask scam email, the scammers will likely know that your specific email resulted in a “click” – and this might lead them to target you more in the future.
The ultimate goal of the scammers though is to get you to: (A) visit the website that’s linked – and (B) fill out whatever form(s) are on the website.
The scam “KYC” forms may ask for things like: full name; address; email; phone number; social security number; bank account number; credit card number; debit card number; names of relatives; MetaMask wallet ID; MetaMask username & password; etc.
Once you submit this form (or perhaps even before you submit the form if the website logs all text even without submission) the scammers will have all of your personal information.
Financial theft and/or identity theft
The scammers will then likely do one or more of the following: (1) steal cryptocurrency from your MetaMask account; (2) drain bank accounts; (3) max credit cards and/or debit cards; (4) steal your identity; and/or (5) attempt to blackmail you in exchange for money.
Because the scammers will have access to your personal information, they may be able to easily access: bank accounts, non-MetaMask cryptocurrency exchange accounts; email accounts; etc.
If you are not aware of this particular form of scam – it’ll steal your identity; cryptocurrency; and money (from bank accounts).
The scammers will continue targeting the “suckers” (i.e. unfortunate individuals) that fall for this type of email scam.
This may be in the form of ongoing blackmail such as “we will stop sending you emails or spam mail if you pay us $1000 by a specific date,” etc.
An earlier iteration of the MetaMask scam (2021)
I want to showcase another iteration of the MetaMask phishing scam email that was circulating in ~2021.
This email actually looked a bit more convincing than mine because it contained the actual MetaMask logo in a format that seems like it could be from MetaMask.
Like the email I received, this email attempts to induce panic (you aren’t yet verified – and need to be by a specific date).
Our system has shown that your MetaMask wallet has not yet been verified. This verification can be done easily via the button below.
Unverified accounts will be suspended on Monday, October 25th, 2021. Please make sure to verify your wallet as soon as possible.
We are sorry for any inconvenience we cause doing this, but please keep in mind that our intention is to keep our customers safe and happy.
Thank you for your understanding.
Verify your wallet.
Will MetaMask ever ask you to verify your account? (2022)
Short answer: Definitely NOT! (R)
Any platform or person asking you to do any of the following:
- Complete KYC (“know your customer” i.e. prove your identity)
- Click a link or button, most likely in an email
- “Verify” your account
IS A SCAM.
Other red flags:
- Threatening that your account will be closed or restricted if you don’t comply in time.
- Claiming that MetaMask is subject to regulations as a “financial services” provider.
- The fact that they are contacting you at all.
MetaMask doesn’t hold any of your personal information (including email) – so MetaMask doesn’t even know your email unless you’re in contact with technical support.
No personal details are required to create a MetaMask account.
For the Dev team – I received an email on 10th January apparently from Metamask saying:
“Metamask requires all users to verify their wallets in order … etc etc by 11/1/2022 … otherwise my wallet will be ‘restricted’” and asking me to click on one of several links.
Obviously no-one should be clicking on links in unsolicited emails (although I do have a metamask …) – can you, or someone from Metamask, confirm whether this is a genuine email sent out from the Company, or it is merely a phishing email?
I don’t know if I am alone in receiving this, but I could not find it mentioned in the community – hence a post to the Dev team to ask for confirmation. Many thanks.
Response: “Hey @Tilanthi, welcome to the MetaMask community! MetaMask does NOT ask for KYC and will not contact you through unsolicited emails. This email is a scam.” (R)
Does the MetaMask KYC scam only target crypto investors?
Unknown. Perhaps there’s a higher chance of crypto investors being targeted by some subsets of scammers.
For example, the crypto-related websites CoinMarketCap.com and BlockFi.com were hacked a while back and the emails of users were “leaked.”
Obviously savvy scammers could compile these emails and engineer a crypto-specific scam that they could continuously modify until it achieved a certain CTR (click through rate) and/or success rate (i.e. earnings via scamming).
However, I think the scammers simply “cast a wide net” (every email they’re able to find) and hope that some of the people with these emails are crypto investors and MetaMask users.
Of the percentage of emails with people who are MetaMask users (30M+) – the scammers hope that some people will get tricked into thinking that MetaMask now does KYC (as this is standard with most crypto exchanges).
In the event that the MetaMask email scam works on even a small percentage of targeted emails – this could yield a substantial crypto earning (e.g. if one wallet per day has ~30 ETH or something).
It’s also possible that non-crypto users will think they need to: (1) sign up for MetaMask or something and (2) submit personal information without even having a MetaMask wallet – but my guess is this is far less likely to happen.
Have you seen the MetaMask KYC scam email?
If you’ve seen this email in your inbox and/or spam folder – how did you react?
- What did your specific MetaMask scam email say?
- What was the URL of the site to which you were directed?
- Did you fall for it? Did you almost fall for it? (Or did you know right away?)
- If you were a victim of this scam – what were the effects?