Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

MetaMask Phishing Steals Cryptocurrency Wallets Via Google Ads

MetaMask Phishing Steals Cryptocurrency Wallets Via Google Ads

Over the past week, users of the MetaMask cryptocurrency wallet have been losing funds to a phishing scam that lured potential victims through Google search ads.

MetaMask has a community of more than one million users. The site offers an Ethereum cryptocurrency wallet in the browser via a browser extension that lets distributed applications read from the blockchain.

When installing the legitimate extension, you can either import an existing wallet or create a new one along with the secret seed phrase that allows access to the wallet.

MetaMask users find empty wallets

Although it is unclear how many MetaMask users fell for the scam, some say they ended up with empty wallets after clicking on a fraudulent search ad being promoted as the MetaMask site.

The phishing/ad scam is still active, with a new domain constantly being promoted via Google search ads.

On Wednesday, MetaMask alerted its community of the scam and recommended the use of direct links to the legitimate URL and to stay away from sponsored ads.

Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service

The warning came too late for some users, though, as some users reported losses of tens of thousands of U.S. dollars.

Complaints started pouring in this week, all stories describing the same scenario: the money was gone after trying to install the MetaMask browser extension.

It was determined that the users were going to a fake MetaMask phishing page through Google ads. Once on the page, they are prompted to install the extension, which will give them an option to either import an existing wallet or create a new one.

Fake MetaMask phishing page

If they click on the ‘Create Wallet’ button, they are brought to the real site as there are no cryptocurrency to steal. However, if they click on the ‘Import a wallet’ option, they will be asked to enter the key phrase of their existing wallet, which is then sent to the attacker.

MetaMask phishing form stealing wallet phrase

As soon as the scammer got the seed phrase, they proceeded to empty the victims’ wallets. In replies to MetaMask’s warning on Twitter, one user said they were robbed of nearly $30,000.

Multiple domains pushed in Google search ads

The scammers purchased Google ads to target users searching for MetaMask in the Google search engine. These ads led to a fraudulent domain impersonating the cryptocurrency service.

They registered multiple domains for the scam, which is currently ongoing, as seen in the screenshot below taken by BleepingComputer:

Fraudulent MetaMask ad in Google search

The domain maskmefa[.]io is currently promoted in search ads when looking for MetaMask on Google. The spelling of the service in the title ad should be a red flag, but most users are likely to miss this (note the Russian “к” and space before the top-level domain). A whois lookup on Domaintools shows that it was registered only yesterday.

Blockchain forensics company CipherTrace in a post this week mentions three other domains used for the scam:

  • maskmeha[.]io
  • installmetamask[.]com
  • meramaks[.]io

The first two are ten and nine days old, respectively, while the third was registered yesterday. All were registered through the same registrar, NameCheap.

Users landing on the fraudulent sites would have difficulty spotting the fraud because it looks almost identical to the legitimate MetaMask page. Even if they check the domain in the address bar, there is a high chance of falling for the trick.

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

Fake MetaMask siteFake MetaMask siteLegitimate MetaMask siteLegitimate MetaMask site

The only difference between the original MetaMask site and the fake one is unnoticeable for most users (the writing on the button for getting the extension).

The only difference between the original MetaMask site and the fake one is unnoticeable for most users (the writing on the button for getting the extension).

Scams and malware attacks increase in frequency during the holiday season when consumers spend more enticed by discounts or special offers and are more easily distracted.

Paying extra attention to download sources reduces the chance of becoming a victim. MetaMask’s advice to access resources from direct, official links (e.g., company accounts on LinkedIn, Twitter, Facebook) and avoiding redirects from third parties (e.g., URLs in messages) is a good way to not fall for a scam.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us