OpenSea users are the latest victims in a phishing attack where scammers are posing as support staff in Discord to take over wallets and steal funds.
These fake support admins are targeting users who have asked for help and tricking them into giving access to their MetaMask wallet, resulting in the loss of everything in that wallet, including NFTs.
Breakdown of the OpenSea Scam
Here’s how it works. An OpenSea user in need of support requests help at OpenSea’s help centre or via the site’s Discord server. Scammers respond by sending private messages and inviting the user to a fake “OpenSea Support” server under their control (see image below).
After being walked through various troubleshooting steps, the fake OpenSea Support scammer asks the user to share their screen. They tell the victim that they need to resync their MetaMask Chrome extension with their MetaMask mobile app.
To sync a mobile MetaMask wallet with the Chrome extension, you go to Settings > Advanced > Sync with your mobile phone and enter your password, after which a QR code is displayed. Because the victim is sharing their screen, the scammer can screenshot this QR code and sync it with the MetaMask app on their own mobile phone, without asking for your seed phrase or password (because you already entered it on your end).
Now scammers have full access to the victim’s MetaMask wallet and all the cryptocurrency and any NFT collectibles stored within it. They then transfer the user’s assets to their own wallets and there is nothing the real support staff can do to help get it back.
How to Avoid Getting Scammed
Always go through the official help desk ticket option for communicating with support staff to ensure you don’t lose all your crypto assets in your wallet to a dodgy scammer. As these scams are so popular right now, it is strongly advised that OpenSea users only open tickets through the site’s help centre and not use Discord or Twitter when seeking support.
This is a warning: never share your wallet’s recovery keys, password phrases or QR codes used for synchronising. Always be alert; if anyone direct-messages you through any platform, they are most likely a scammer. Do not click on any links to an external server. Real support staff will never directly message you, send you any link to click on, or ask you to share your screen or password. These are all red flags. Go slowly and be careful out there; scammers are everywhere.
Scam Alert: The number of crypto scams continues to grow. Australians should be wary when dealing in crypto as phishing attacks, fake support staff, fake apps and fake sites are everywhere.