Online Threat Alerts (OTA) - Alerting you to scams and frauds.

Metamask Email Scam - How to Protect Yourself
Metamask Email Scam - How to Protect Yourself

MetaMask email scams are phishing campaigns where fraudsters send fake messages claiming your wallet will be blocked, suspended, or needs "KYC verification". The primary goal of these emails is to scare you into clicking a link that leads to a fake website designed to steal your Secret Recovery Phrase.

Warning Signs of a Scam

  • MetaMask does not have your email: You do not use an email address to create a MetaMask wallet, meaning the company cannot send you unsolicited alerts or notifications.
  • Never share your seed phrase: MetaMask will never ask you to enter your Secret Recovery Phrase on a website or email form.
  • Urgent threats: Scammers use fear—such as claiming your wallet will be closed or access to the Ethereum network will be lost—to force you into acting quickly.

How to Stay Safe

  • Do not interact: Delete the email immediately, and never click any embedded links or download attachments.
  • Verify official domains: Legitimate MetaMask correspondence only occurs in response to an open support ticket or marketing sign-ups. Official support emails will come from @metamask.io, @consensys.zendesk.com, or @metamask-portfolio.zendesk.com.
  • Check in-app only: Always use the official browser extension or mobile app rather than clicking links in your inbox to check for real updates.

If You Fell for the Scam

If you clicked a link and entered your Secret Recovery Phrase or private keys, your wallet is compromised. Follow the steps detailed in the official MetaMask Report a Scam Guide to secure any remaining assets.

waiting