Scam artists are some of the most deceiving people by nature. Like many other scam artists, these cybercriminals rely on primitive tools to fool others and make money. One such scamming group is targeting Trust Wallet and MetaMask consumers on social media platforms. Both these applications allow users to create a digital wallet on their smartphones and store, buy, exchange and sell cryptocurrencies at will. 

However, some scammers are spamming the users of these wallets on social media platforms and spamming them with phishing messages. These messages are posted by accounts that are pretending to be part of the customer support team or impersonating the tech or helpdesk system. In reality, these messages have nothing to do with the actual services.

How Phishing Spam Posters Get Away with $300,000 of Crypto Savings

The scammers are making rounds on the Twitter platform, where they invite the users to fill out a made-up Google doc form to get a response from the support team. This fake support form asks some basic questions from the users, but in the end, it prompts the users to enter their unique 12-word recovery phrase. This type of scam was a new development for many users, and many people walked right into the spider’s web without having any suspicions. 

One user reported having lost about $300,000 worth of crypto holdings to such a scam routine. When the unsuspecting users entered their secret recovery code, which they should not share with anyone under any circumstances, the scammers got hold of their digital wallets and transferred their contents to their accounts without any hesitation. 

As cryptocurrencies are being adopted at a mainstream level, the related scam markets have also increased to a dangerous level. One of the most important things to note that the consumers must not share their passwords or recovery phrases with anyone, not even the real employees of the service providers. It should be noted that any legitimate business entity would not ask their consumers to fill out a Google doc form.

Most service providers ask their consumers to send an email at a response address where the consumers do not have to share any keys or codes. Other platforms encourage their consumer to connect with support through toll-free calls or live chat via their application or website portal. Under all these cases, it is not required by the consumers to share their pin code or password with the CS representative. It is better to type in the URL directly rather than clicking on phishing messages that redirect to malicious links.