Non-custodial wallet provider MetaMask has warned users against revealing their secret recovery phrase via a phishing email sent from Namecheap.
Email service provider Namecheap confirmed that its email account was breached on Feb. 12 — due to a compromise in its upstream system provider.
As a result, phishing emails were sent to steal the wallet information of customers including MetaMask users.
The MetaMask phishing email asked users to apply for Know-Your-Customer (KYC) verification to secure their accounts.
“We urge you to complete KYC verification as soon as possible to avoid suspension of your wallet,” the email reads.
From the email link, users were redirected to a phishing page similar to MetaMask — which prompts the user to enter their ‘Secret Recovery Phrase’ or ‘Private keys’.
Following the phishing attempt, MetaMask warned its users against ever entering their Secret Recovery Phrase on a website.
“MetaMask does not collect KYC info and will never email you about your account!
Do now enter your Secret Recover Phrase on a website EVER.”
Crypto investors using non-custodial wallets are also reminded to avoid disclosing their private keys to anyone to avoid losing control of their assets to malicious actors.
Source: https://cryptoslate.com/metamask-warns-users-against-namecheap-phishing-email/