Why Ask Credentials If There Are Secret Codes?, (Wed, Jul 1st)
This morning, an interesting phishing email hit my mailbox. It targets Metamask[1], a cryptocurrency wallet, available as a browser extension and a mobile app, that lets users store, send, and receive cryptocurrency. It's pretty popular, which makes it a juicy target for criminals. In February, I already mentioned a campaign against its users[2].
Today's email was different and used another approach. Most services that we use daily ask us to enable a second authentication factor. That makes stolen credentials alone useless unless the attacker can interact with the victim and grab the temporary token or code. But most services also offer a "password recovery" process.
In the case of Metamask, recovery is based on the secret security phrase that you set up during account creation[3]. That's exactly the target of this phishing campaign: they ask you to provide this secret phrase.
First, they put some pressure on you, pretending that your wallet is at risk:
Then, they ask you to provide your secret phrase:
The campaign relies on the domain captchasolve[.]help, which was registered only two days ago.
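The two signals in this diary (a message asking for a wallet's secret recovery phrase under time pressure, and a link to a domain registered a few days earlier) are easy to turn into a mail-triage heuristic. The script below is an added example, not code from the diary or from Metamask: the sample email is constructed to mirror the campaign's pattern, and the registration dates are a constructed in-memory table standing in for an RDAP/WHOIS lookup so that it runs offline (the date for captchasolve.help is set two days before an arbitrary analysis date to match the text). The scoring weights are likewise an assumption.

```python
"""Triage heuristics for a recovery-phrase phishing email.

Added example, not code from the ISC diary. It scores a message on the two
signals the diary points at: the mail solicits a wallet's secret recovery
phrase under time pressure, and it links to a domain registered only days
ago. Registration dates come from a constructed in-memory table standing in
for an RDAP/WHOIS lookup, so the script runs offline.
"""
import re
from datetime import date

# Constructed sample message: sender, wording and link are invented to mirror
# the campaign's pattern, not copied from the real email.
SAMPLE_EMAIL = """From: "Wallet Support" <support@example.invalid>
Subject: Your wallet will be suspended in 24 hours

Unusual activity was detected. Verify your wallet immediately at
https://captchasolve.help/verify to avoid permanent loss of funds.
You will need your secret recovery phrase to confirm ownership.
"""

# Constructed stand-in for registration data. Both dates are assumptions:
# captchasolve.help is set two days before ANALYSIS_DATE to match the diary,
# metamask.io is simply "old". ANALYSIS_DATE itself is arbitrary.
ANALYSIS_DATE = date(2026, 7, 1)
REGISTRATION_DATES = {
    "captchasolve.help": date(2026, 6, 29),
    "metamask.io": date(2016, 1, 1),
}

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)
PHRASE_RE = re.compile(
    r"\b(?:secret|seed|recovery)\s+(?:recovery\s+)?phrase\b|\bseed\s+words\b", re.I)
URGENCY_RE = re.compile(
    r"\b(?:immediately|suspended|at risk|permanent(?:ly)?\s+lo(?:ss|se)|within\s+\d+\s+hours)\b",
    re.I)


def extract_domains(text: str) -> list[str]:
    """Return the distinct link hostnames in order of first appearance."""
    hosts = (h.lower().rstrip(".") for h in URL_RE.findall(text))
    return list(dict.fromkeys(hosts))


def defang(host: str) -> str:
    """Render a hostname so it is not clickable in a report (a.b -> a[.]b)."""
    return host.replace(".", "[.]")


def domain_age_days(host: str, registered: dict[str, date], today: date):
    """Days since registration, or None when the domain is not in the table.

    Falls back to the last two labels so www.example.test resolves to
    example.test; this ignores multi-label public suffixes such as co.uk,
    which a real lookup would handle with a public-suffix list.
    """
    candidates = [host, ".".join(host.rsplit(".", 2)[-2:])]
    for c in candidates:
        if c in registered:
            return (today - registered[c]).days
    return None


def triage(text: str, registered: dict[str, date], today: date,
           young_days: int = 30) -> dict:
    """Score one message and return the evidence behind the verdict."""
    domains = extract_domains(text)
    young = [defang(d) for d in domains
             if (age := domain_age_days(d, registered, today)) is not None
             and age < young_days]
    asks_phrase = PHRASE_RE.search(text) is not None
    urgency = URGENCY_RE.search(text) is not None

    # Weights are a constructed heuristic: a request for the recovery phrase
    # is the strongest single signal, because no legitimate support flow
    # needs it; a freshly registered link domain is nearly as strong.
    score = 4 * asks_phrase + 3 * len(young) + 1 * urgency
    return {
        "domains": [defang(d) for d in domains],
        "young_domains": young,
        "asks_recovery_phrase": asks_phrase,
        "urgency": urgency,
        "score": score,
        "verdict": "suspicious" if score >= 4 else "clean",
    }


if __name__ == "__main__":
    print(triage(SAMPLE_EMAIL, REGISTRATION_DATES, ANALYSIS_DATE))
```

In a real pipeline the `REGISTRATION_DATES` table would be replaced by an RDAP query (or a domain-age feed), and the defanged hostnames in the result are what you would paste into an incident report, exactly as the diary does with captchasolve[.]help.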
[1] https://metamask.io
[2] https://isc.sans.edu/diary/Fake+Incident+Report+Used+in+Phishing+Campaign/32722
[3] https://support.metamask.io/configure/wallet/how-can-i-reset-my-password/
Xavier Mertens (@xme)
Xameco
Senior ISC Handler - Freelance Cyber Security Consultant
PGP Key