A new phishing scam targeting a MetaMask wallet was reported earlier this week by Serpent on Twitter. The thread explained how an individual lost $650,000 and that the same is going to happen to other people if they aren’t careful and informed.
The Twitter thread described the first event that led to the scam: the victim of this horrific event, Domenic Iacovone, received multiple text messages on 15 April asking him to reset his Apple ID password.
The thread went on to explain that at about 6:32 PM the user received a call from “Apple Inc.”, which was a spoofed caller ID. The caller claimed to have noticed suspicious activity on the user’s Apple ID and asked for a “One Time Verification Code” to authenticate the user as the owner of the Apple ID account.
The user gave the 6-digit verification code to the scammers, who quickly hung up. Following this, the user’s MetaMask wallet was wiped clean, with over 650,000 dollars stolen within minutes.
How Did The Scammers Get Access To MetaMask?
“If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds.”
— MetaMask 🦊💙 (@MetaMask) April 17, 2022
The Twitter account Serpent explained that MetaMask basically saves your seed phrase file on your iCloud. The scammers had requested a password reset for the victim’s Apple ID, which has access to iCloud. So, after getting the 2FA code, they had complete access to the user’s Apple ID, which meant they got direct access to MetaMask.
The scammers reach out to victims posing as cyber security employees from “Apple Inc” to inform victims of “suspicious activity” on their accounts. Then they proceed to persuade victims to reset their passwords to safeguard their credentials and other important information.
Furthermore, these scammers use spoofed caller IDs to contact victims and ask them for a code, claiming that the code is needed to authenticate the user as the real owner of the account. In reality, they use this code to reset the victim’s Apple ID.
Going Phishing Day26
Apple Users Warned About iCloud Phishing Attacks: MetaMask, a crypto wallet service owned by ConsenSys, has issued an alert to users about phishing attempts targeting Apple’s iCloud. https://t.co/ZXZEJQDhQi #iCloudPhishingAttacks #Apple #phishing pic.twitter.com/e5sSygEabF
— Identity Quest (@identityquest_) April 18, 2022
After resetting the password, they have full control of the victim’s Apple ID and can do as they please. The access includes iCloud, MetaMask, personal data, social security numbers, and basically all information stored on the device.
The Twitter account Serpent clearly pointed out key takeaways to avoid such scams. Always use a cold wallet to store your digital assets. And, very importantly, never share a verification code with anybody. Caller information is easy to spoof using third-party apps, and tech giants like Apple would never directly call you, the Twitter thread concluded.