![]() ![]() The bad actors utilized urgency within the body of this email in order to trick the victims into complying with the request, as well as mimicked a well-known brand to gain the victim’s trust in the email legitimately being sent from MetaMask support team. *Fig 1: Fake KYC verification for crypto wallet email spoofing MetaMask* The email prompted the victim to click the ‘Verify your Wallet’ button to complete the wallet verification. The socially engineered email was titled ‘Re: \ Ticket: 6093-57089-857’ and looked to be sent from MetaMask support email: The email body spoofed a Know Your Customer (KYC) verification request and claimed that not complying with KYC regulations would result in restricted access to MetaMask wallet. **Techniques used:** social engineering, brand impersonation, spoofed landing page **Email security bypassed:** Microsoft Office 365 **Target:** This email attack targeted multiple organizations across the financial industry. ![]()
0 Comments
Leave a Reply. |