Warning: You could lose all your MetaMask assets to this Apple ID phishing scam

Author: Trend Micro

April 18, 2022

This article is from Trend Micro

Recently there have been lots of scams and phishing schemes surrounding NFTs, and this latest Apple ID phishing scam is what the hackers have been getting up to lately. @Serpent, the founder of DAPE NFT, wrote about a new phishing scam on Twitter that has cost one victim $650,000 already.

How it works

Once they know your Apple ID email address, scammers will make a lot of Apple ID password reset attempts, and you will receive many text messages, making you worry that there’s a security issue with your Apple ID.

Then, scammers will impersonate Apple and contact you via phone. They inform you that there was suspicious activity with your Apple ID and that to prove you are the genuine owner, they need you to provide a 6-digit verification code.

In fact, the code was generated when the scammers tried to log in to your account. With it, they can reset your Apple ID password and gain access to all the data stored on your iCloud, including the seed phrase of your MetaMask wallet.

What does that mean? Well, they can then take control of your MetaMask account and transfer all your crypto assets away. What’s worse, since cryptocurrencies are decentralized, it would be nearly impossible to get them back! Watch out!

How to protect yourself — 5 tips

  • Double-check callers’ phone numbers, but keep in mind that caller IDs can be spoofed. Besides, remember that Apple will most likely not call you.
  • Never share any verification code with anyone.
  • Use a cold wallet to store your crypto assets to avoid phishing scams.
  • Disable iCloud backups for your MetaMask data via Settings > Profile > iCloud > Manage Storage > Backups. Also, turn off automatic iCloud backups via Settings > Apple ID/iCloud > iCloud > iCloud Backup.
  • Be smart with your personal information — scammers can use leaked information for phishing attempts. Add an extra layer of protection with Trend Micro ID Security to manage your online security and privacy with ease:

 

Available on Android and iOS, ID Security can monitor the internet and the dark web for your personal data — 24/7! If your data is leaked, you’ll be the first to know!

  • Dark Web Personal Data Manager: Scours the dark web for data such as bank account numbers, driver’s license numbers, passport numbers, and social security numbers.
  • Credit Card Checker: Find out if someone has acquired your credit card number and put it on the dark web.
  • Email Checker: Find out if any of your email addresses have been leaked to the dark web. You’ll be notified of the exact account so you can take the appropriate counter-measures.
  • Password Checker: ID Security will notify you if you’re using a password currently in circulation on the dark web.
  • Social Media Account Checker: Find out if your Facebook and Twitter accounts have been breached and shared on the dark web.
  • A Comprehensive Monitoring Report

Simple, efficient, and easy-to-use, follow this link to try the free 30-day trial version today! And as ever, if this article has been of use and/or interest to you, please do SHARE it with family and friends to help keep the online community secure and protected.

 

Report a Scam!

Have you fallen for a hoax, bought a fake product? Report the site and warn others!

Help & Info

Popular Stories

As the influence of the internet rises, so does the prevalence of online scams. There are fraudsters making all kinds of claims to trap victims online - from fake investment opportunities to online stores - and the internet allows them to operate from any part of the world with anonymity. The ability to spot online scams is an important skill to have as the virtual world is increasingly becoming a part of every facet of our lives. The below tips will help you identify the signs which can indicate that a website could be a scam. Common Sense: Too Good To Be True When looking for goods online, a great deal can be very enticing. A Gucci bag or a new iPhone for half the price? Who wouldn’t want to grab such a deal? Scammers know this too and try to take advantage of the fact. If an online deal looks too good to be true, think twice and double-check things. The easiest way to do this is to simply check out the same product at competing websites (that you trust). If the difference in prices is huge, it might be better to double-check the rest of the website. Check Out the Social Media Links Social media is a core part of ecommerce businesses these days and consumers often expect online shops to have a social media presence. Scammers know this and often insert logos of social media sites on their websites. Scratching beneath the surface often reveals this fu

So the worst has come to pass - you realise you parted with your money too fast, and the site you used was a scam - what now? Well first of all, don’t despair!! If you think you have been scammed, the first port of call when having an issue is to simply ask for a refund. This is the first and easiest step to determine whether you are dealing with a genuine company or scammers. Sadly, getting your money back from a scammer is not as simple as just asking.  If you are indeed dealing with scammers, the procedure (and chance) of getting your money back varies depending on the payment method you used. PayPal Debit card/Credit card Bank transfer Wire transfer Google Pay Bitcoin PayPal If you used PayPal, you have a strong chance of getting your money back if you were scammed. On their website, you can file a dispute within 180 calendar days of your purchase. Conditions to file a dispute: The simplest situation is that you ordered from an online store and it has not arrived. In this case this is what PayPal states: "If your order never shows up and the seller can't provide proof of shipment or delivery, you'll get a full refund. It's that simple." The scammer has sent you a completely different item. For example, you ordered a PlayStation 4, but instead received only a Playstation controller.  The condition of the item was misrepresented on the product page. This could be the