TLDR
- MetaMask users get fake emails pushing urgent 2FA activation to trick them.
- Scam uses fake domains like matamask with real-looking website layouts.
- Victims are led to enter their seed phrase, giving full wallet access to scammers.
- MetaMask does not request seed phrases via email or external websites.
MetaMask users are facing a new security threat as a highly convincing phishing scam spreads through fake 2FA alerts. These emails appear official, using real branding and urgent language to pressure users into action. Victims are tricked into visiting lookalike websites where they are asked to enter their recovery seed phrase. Once entered, scammers gain full access to wallets, putting users’ crypto assets at serious risk.
Phishing Scam Masquerades as 2FA Update
MetaMask users are once again being targeted in a phishing scam that uses fake 2FA alerts to deceive them. Attackers are sending professional-looking emails claiming to be from MetaMask Support. These emails notify users about a supposed mandatory 2FA activation, urging immediate action.
The emails contain convincing branding and deadlines designed to create pressure. This strategy aims to limit users’ time to verify the email’s authenticity. It exploits growing awareness around wallet security by using technical language that sounds familiar to crypto users.
Deceptive Domains and Websites
The email link does not lead to MetaMask’s official domain. Instead, users are redirected to fake domains that closely resemble the original. Domains like “matamask” or “mertamask” are used, which can be hard to distinguish on mobile devices.
Once clicked, the user lands on a website that visually mirrors the real MetaMask site. It includes elements like Cloudflare security logos and encrypted connection icons to build trust. These design elements are created to reduce suspicion and make the site appear legitimate.
Multi-Phase Scam Execution
The phishing process is carried out in several phases. At first, users are asked to complete a human verification step. Then, they are shown messages claiming that 2FA has been activated. Features like countdown timers, progress bars and phrases like “Security Layer Complete” are used.
These are only scripted visuals that simulate real security processes. They are not connected to any actual MetaMask services. The final step of the scam involves asking users to enter their wallet recovery seed phrase. This is disguised as a final security check.
The seed phrase is then transmitted directly to the attackers. With it, scammers can access the wallet and transfer all assets instantly. MetaMask has repeatedly stated that it will never request a seed phrase through email or any external website.
Preventive Steps and User Guidance
This scam has become effective not because of advanced technology but due to how closely it mimics genuine security protocols. It uses familiar terms such as encryption, authentication and system checks to gain user trust.
MetaMask has advised users to remember key safety rules. All wallet operations should take place only within the official MetaMask browser extension or mobile app. Any email asking for a seed phrase or providing a link to input it should be treated as fraudulent.
Users are also reminded to double-check URLs, especially on mobile devices where typos are easier to overlook. The presence of a padlock icon or a secure connection is not enough to confirm a site’s authenticity.
Anyone who receives such messages is urged to report them immediately and avoid clicking on suspicious links. Security updates or verifications will never be enforced via email.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
