Recently, a new wave of crypto email scams has flooded the internet and users’ email inboxes.
The scams are a bit simpler and easily detectable with some knowledge about blockchain. However, the scammers still manage to lure your hard-earned digital assets out of hundreds of users, and you could be the next victim.
In this article, we’ll give a detailed overview of two of the latest crypto email scams and give you tips to identify crypto scams.
The first one promises free bitcoin with very little effort, and the second one is phishing you to click a button to update your wallet.
MetaMask “Blockchain update” Email Scam
A lot of users recently reported receiving an email with an important notice that their MetaMask wallet will be disabled. And if you do not urgently update your wallet, you’ll permanently lose access and all your funds.
It looks like there are multiple versions of this email scam moving around the internet, as one Reddit user reported a similarly-looking email. But instead of an ongoing network merge, they ask you to upgrade your wallet without reason.
MetaMask support also reported a high number of phishing campaigns asking users to verify their wallets to comply with KYC regulations.
For obvious reasons, we haven’t tried clicking the link. But it’ll probably open a new webpage, asking you to connect your wallet or asking you for your recovery phrase. Once you approve the connection, your wallet will be empty within seconds.
Why is this a Scam
You should never forget that MetaMask is a non-custodial wallet. This means that no one but you has access to your private keys. With that in mind, the MetaMask team cannot block your wallet nor has control of it.
Secondly, as you have control over your keys and the BIP-44 recovery phrase, you are completely free to import your wallet to any other wallet compliant with BIP-44. As MetaMask or any other wallet only serves as a tool to interact with the blockchain.
And lastly, you’ve never shared your email address with MetaMask, and you won’t ever need to.
What should you do after Receiving the MetaMask Phishing Email
Whether you have fallen for this scam or not, you should report it.
Unfortunately, as MetaMask is a non-custodial wallet, transactions cannot be reversed, nor missing funds be restored. But you could prevent other people from being caught.
Firstly, get in touch with MetaMask support via website chat, which can be accessed here. In the message in detail, explain what happened and include the following:
- Scammer’s public address. That’s the address to which your crypto was sent, you can check that on the block explorer.
You can also report the scammer’s address directly on the block explorer. - Send the full email header to the support. The email header contains tracking information and everything about the email. You can get that by tapping the three dots in the email and choosing “Show original.”
Next, forward the email as a whole to phishing@phishfort.com. PhishFort offers phishing and brand protection, focusing on blockchain technology.
Lastly, you should also report phishing in your mailing client. If enough people report that email address, there will be a warning next to messages from this address, and they will be moved to spam.
Google Forms Crypto Scam
Google Forms is a powerful tool to create online surveys, recently used as a part of a Bitcoin (or any other altcoin) scam.
In this type of scam, you’ll likely get a “Thanks for filling out” message, even though you never filled out the form. That’s done by the scammer filling out the form with your email. And the form is set up to email a copy of the response to respondents.
That’s why you could receive the email from the official Google address.
It can look something like this:
For obvious reasons, we have deleted the full scam link. But as you can see, it’s not a secured https website. That’s one red flag you should look out for.
Once you click the link, you’ll be asked to provide additional personal information. This can include email, phone number, and name.
They can’t do anything with that info, but it’s there to look somewhat trustworthy.
Because the next step would be to either send them a small fee to claim your reward or to fill in your wallet seed phrase.
What should you do after Receiving the Google Forms Crypto Scam Email
The only thing you can do here is to tap the “report abuse” at the bottom of the form, choose the abuse type, and submit the report.
As you don’t even know the scammer’s email address, you can’t move them to spam. You could also report the website to its hosting provider, however, those scam websites will likely be hosted privately.
How to Avoid Crypto Scams
Both types of crypto email scams we presented you today are easily detectable. In the first case, it is as simple as knowing that MetaMask is a non-custodial wallet. In the second case, it’s just too good to be true, and everything comes with a price.
However, other cryptocurrency scams can be much more sophisticated. That’s why it’s important to keep in mind some basic principles to avoid them.
- Check for typos and weird phrasing in the email. Scammers are often not native English speakers.
- Never provide personal information such as social security number, credit card number, or password. Remember that if a company wants to block your account, they can do that without knowing that information.
- Do not click links you don’t recognize or download attachments from unfamiliar sources.
- Do not click on unsecured websites. There should always be HTTPS in the web URL. HTTP protocol is usually safe as long as you are not submitting any sensitive data, but you should rather not visit it.
- Carefully check the sender’s email and the website URL. There could be tiny changes, like swapping O with 0, etc.
- Use reputable antivirus software that will keep your device safe. Many antiviruses also come with an email scan that will scan emails before opening them.
- Report unsuccessful and successful scam attempts. The process of reporting crypto scammers differs. But you should always report that to the platform and possibly also to the authorities.
Conclusion
Although both the MetaMask Phishing Email and the Google Forms Crypto scam are not the most elaborate crypto scams, they pose a serious issue. Affecting people’s hard-earned assets and potentially also compromising their other online accounts.
The scammers really took email inboxes by storm. And maybe if you check your spam folder right now, you’ll also discover one of these emails.
If you discover another scam that hasn’t been mentioned in this article, please do not hesitate to contact us via the Contact page. Together we can make the crypto world a safer place.