Today’s Scam of the day is a  phishing email that appears to come from MetaMask. MetaMask is a software cryptocurrency wallet used to interact with the Ethereum blockchain.   The email makes for compelling reading, but it is a scam.  Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.  They are a staple of identity thieves and scammers and with good reason because they work.  As always, they lure you by making it appear that there is an emergency that requires your immediate attention or else dire consequences will occur.

Copied below is the email which contains the MetaMask logo, but was sent from an email account that had no relation to MetaMask which is a clear indication that this is a scam.  Most likely the email address from which it was sent was from an email account of an innocent person whose email accounts was hacked and made a part of a botnet used to send out phishing emails.  Another indication that this is a scam is that your name does not appear anywhere in the salutation.


MetaMask Phishing Sample Email


Legitimate emails from MetaMask or any company with which you do business would include your name and account number.  This email had neither.   Obviously, if you are not a MetaMask customer, you will recognize immediately that this is a scam.

As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  In this case if you clicked on the link and provided the information requested, your cryptocurrency account would be looted.

Whenever you get an email that asks you for information or to click on links and may appear to be legitimate, do not provide the information or click on the link.  Rather, contact the company by phone or by email at a phone number or email address that you have confirmed is legitimate.

If you are not a subscriber to and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and insert your email address where it states “Sign up for this blog.”