In one of the latest phishing scams, malicious actors are impersonating popular platforms like PayPal and MetaMask to target unsuspecting victims. The gravity of this cyber onslaught has been intense enough to prompt the Federal Trade Commission (FTC) to warn internet users.
Large-scale phishing campaigns are nothing new in the digital era. Scammers have been crafty enough to impersonate emails from reputed platforms to exploit human weakness with a sense of urgency. The fraudsters leverage user anxiety related to finances and claim that the MetaMask cryptocurrency wallets would be blocked if they don’t ‘act fast,’ ‘click a link,’ or ‘update their wallet.’
The fake emails imitating PayPal claim that the payments to the crypto exchange Binance have been canceled. The fraudsters further provide a phone number to potential victims to reach out to PayPal.
Clicking on the deceitful links provided by the imposters in emails or reaching out to the phone numbers they specify puts the victims at risk of losing money or confidential information. The social engineering scam can also lead to cryptocurrency thefts, given that scammers ask for sensitive information like payment details and account passwords.
Threat Actors Closely Imitate Genuine PayPal and MetaMask Platforms
For an unsuspecting user, evaluating the legitimacy of these emails turn out to be challenging. Threat actors closely imitate legitimate platforms with close attention to details, decorating the PayPal email using authentic-looking logos and fonts. The imposters even include an invoice in the emails to demonstrate their legitimacy. It prompts even tech-savvy individuals to fall prey to the scam.
The sense of urgency, which typically characterizes a phishing scam, is also evident in the MetaMask emails. The scammers urge the recipients to upgrade their wallets before a specific date to retain access to their crypto assets and keep them secure.
FTC’s Advice to Identify Phishing Emails Before Responding
FTC’s warning regarding the latest phishing scams recommends the primary line of defense. The Commission points out that most of these emails would carry a sense of urgency. It’s out of financial anxiety that users respond to these snares without giving them a second thought.
Genuine organizations usually don’t send pressing emails. Hence, users receiving these emails should take guard against being a victim. Calling the number or clicking on the links in emails would lead to your financial or personal information theft.
Image sourced from optimalnetworks.com
The Federal Trade Commission has also recommended some measures for email recipients to stay secure.
- Firstly, the Commission urges the users to slow down and think about whether or not they have an account with PayPal or MetaMask. Next, the user should try to identify the sender. Chances are high that the email would be sent from an unknown person impersonating these platforms. If in doubt, contact the organization through their official website or genuine customer care department to check out the facts.
- Never click the links sent through emails or texts without verifying the sender’s identity. Scammers are smart enough to install malware on your system once you click.
- The Commission also urges users to update their security software to secure their information systems or mobile devices from security threats. Failure to do so might lead to compromise of financial or confidential information.
What To Do If You Receive a Phishing Email?
The best action is to ignore the phishing email or delete it altogether. Responding to these emails would escalate your risk quotient. In addition, one must follow the below steps to remain fully secure.
- To secure yourself from unsolicited emails and phishing scams, download advanced malware removal tools and update your existing antivirus. Get endpoint phishing protection software to detect malicious software that might already be concealed in your system.
- Never click on links sent through emails from unknown senders. In case of suspicious activity, authenticate the sender’s identity or contact the organization through their official portal. Verify the sender’s email ID and check whether it matches the official ID on the website.
- The FTC advises reporting phishing emails to email@example.com if you receive one. In addition, delete it from your system to stay secure.
- If you accidentally click on one of the malicious links, immediately change your login credentials. Also, enable MFA (Multi-factor authentication) and scrutinize your account for unsolicited activity.
Chainalysis, a blockchain analysis firm, reveals that crypto-based scams cost businesses $6 billion last year. Malicious actors are likely to exploit vulnerabilities even more in the coming months. A CNBC report states that crypto scammers robbed internet users of $14 billion in 2021. That calls for additional cyber hygiene to stay secure.
With threat actors innovating new tactics to steal personal and financial credentials, it pays to remain informed against large-scale phishing scams and establish your line of defense.