A new warning (opens in new tab) issued by the Federal Trade Commission (FTC) has urged internet users to be wary of new phishing email scams, supposedly coming from payment gateway PayPal and crypto wallet platform MetaMask.
The PayPal email warns customers that BNC Billings has canceled their payment to Binance, while the MetaMask email informed customers that their cryptocurrency wallet has been blocked.
Both are scams, and the FTC is asking that recipients forward such emails to reportphishing@apwg.org (opens in new tab). They should not interact with the email, and delete it immediately.
The convincing email supposedly from PayPal is decorated with legitimate colors, logos, and fonts. It also includes a dud invoice, and in the body of the email is a phone number that links directly to the scammer who proceeds to ask unsuspecting customers for sensitive information, such as account passwords, payment detail information, and personal information.
Twitter user OF24com (opens in new tab) describes how the invoice appears to use the legitimate PayPal domain, helping to persuade even the savviest of PayPal users to share their information.
While the PayPal phishing email uses alarming prices to frighten customers into action, the MetaMask scam employs a sense of urgency. The email reads:
“Due to the dramatic increase in our platform users, some wallets still need to manually perform the new upgrade. You must upgrade your wallets before [date] in order to keep your assets secure and accessible.”
In an effort to protect citizens, the FTC is advising victims to “slow down” and to assess the email and their circumstances more carefully. The advice is also not to click on any links – if a company has shared a message with you, you will usually be able to find it on the website, in your account (accessed directly via the website), or by phoning the company (again, directly from its website). Contact details shared in an email may not belong to the company in question.
Other general advice includes downloading and updating malware removal tools and endpoint protection software.