Skip to main content

Metamask warns users about iCloud phishing campaign

Popular Ethereum wallet Metamask is alerting its iPhone, Mac, and iPad users about potential phishing attacks via Apple’s iCloud service.
| CryptoPress
 | Last updated: June 10, 2023
| CryptoPress
Last updated: June 10, 2023

CryptoPress

Popular Ethereum wallet Metamask is alerting its iPhone, Mac, and iPad users about potential phishing attacks via Apple’s iCloud service. The ConsenSys-owned wallet provider posted a tweet thread on Sunday warning users that they could risk losing their funds if their Apple password is “not secure enough.”

The company explained that the window to potential attacks lies in the fact that encrypted passwords, called Metamask vaults, are automatically uploaded to Apple’s cloud service unless the iCloud backup option is disabled.

In their statement, Metamask warned that malicious actors could gain access to a user’s vault by social engineering them into sharing their Apple password or using a stolen one from phishing campaigns — even if the user does not use iCloud Keychain or two-factor authentication (2FA).

The company also shared screenshots of an alleged phishing campaign allegedly targeting Metamask users by sending them fake messages claiming to be from Apple support — asking for login details.

“We have recently been made aware of an ongoing phishing campaign targeting our users where they receive emails appearing to be from Apple Support stating ‘Your Apple ID has been locked’.,” wrote Metamask. “These emails contain links that attempt to steal your identity and password data if clicked.”

User lost USD $650,000 from his Metamask

A user on Twitter has claimed that he was tricked out of USD $650,000 worth of cryptocurrency after being targeted by a phishing campaign on Apple’s iCloud.

The user identified as “Domenic Iacovone” recounted on Twitter that he had received several text messages and an alleged call from Apple asking him to reset his Apple ID password. “I received a phone call from Apple, it literally [said] Apple (on my caller ID). I returned the call because I suspected fraud and it was an Apple number. So I believed them,” said Iacovone. “They asked me for a code that was sent to my phone and, two seconds later, they deleted my entire MetaMask.”

The victim handed over a six-digit ID code to prove he was the owner of the Apple account that the malicious actors then used to access his Metamask and steal the funds. He said his wallet contained several NFTs from the popular Mutant Ape Yacht Club (MAYC) collection, as well as cryptocurrency funds.

Iacovone indicated in another tweet that the funds were insured by MetaMask, so he is confident they will be recovered. However, he did express concern over whether or not they would be able.

© 2024 Cryptopress. For informational purposes only, not offered as advice of any kind.

Related

© Cryptopress. All rights reserved.