Phishing campaign tricks MetaMask to track Crypto investors on Microsoft Office 365

The Phishing campaign is tricking MetaMask software for tracking Cryptocurrency investors via Microsoft Office 365.

A phishing campaign is carried out by cyberattackers. They often steal financial credentials of people while manipulating the victims via emails.

What is MetaMask and how to use it?

MetaMask is a free web of Cryptocurrency wallet which is used to interact with the Ethereum blockchains.

It was developed by ConsenSys Software Inc. which focuses on Ethereum-based tools and infrastructure.

Additionally, it is a free web and mobile crypto wallet which allows their users to store and use cryptocurrencies, interact with the Ethereum blockchain ecosystem.

How MetaMask is used?

MetaMask is structured on Cryptocurrencies and decentralised applications (dapps). Hence you need a user interface in order to use MetaMask.

It can be easily installed just like any other Google extensions.

Moreover, MetaMask is one of the top crypto wallet which is a browser extension that serves as an Ethereum wallets.

You can get started with using MetaMask after installing successfully. Later, create your Ethereum wallet and keep an unique password without sharing with anyone else or on other portals.

How can a phishing site attack your MetaMack account?

Simultaneously, after creating your unique password, MetaMask will share your 12 – word back-up phrase with you. This back-up phrase should be kept safe and confidential.

Additionally, this 12 words can help you to recover your account if you loose access on your regular device.

So, if this 12-words are revealed, any person who have this phrase can steal your NFTs, use your funds, and Cryptocurrencies.

According to the cyber watchdog Armorblox, the phishing campaign is tricking the famous crypto wallet MetaMask and trageted Microsoft 365 devices.

The threat actors shares a legit email to the users, which exactly looks like a email from MetaMask.

Additionally, the emails tricks and fools KYC verification request though the threat actors send it from an invalid websites.

But the attackers surprises when they offers one month duration for cross checking their verification. Normally, any cyber attackers will not provide time for verification, and when this act is brought in use, the victims easily fall in the trouble.

How to keep your accounts safe from such phishing campaigns?

There are numerous phishing campaign on the internet. The cyberattackers are skilled at manipulating and grabbing people’s attention.

Moreover, the cyberattackers often frightens  manipulates their victims for recording up their personal details.

We may not spot the exact fault in the accounts but there are certain notifications we receive either on the web or on email address which is used on the particular site. The users do get the notification after some malicious sites interfere in the accounts. One can easily block or protect their accounts if they notice some unrecognised changes.