Unfortunately, a new phishing scam is lurking around the NFT space. This scam, as reported by @serpent on Twitter has already stolen $650,000 from an individual, and it may happen to a lot more if you’re not careful. Again, this is one of many scams, particularly one of the phishing scams we’ve seen over the period in which NFTs have been popular.
About this Phishing Scam
To see in-depth details on this particular case of a scam, you can see the full thread by Serpent on Twitter.
In this case, it involved Twitter user @revive_dom, who was the unfortunate victim of this scam. It started two days ago, when he started to receive multiple text messages and phone calls from “Apple inc.”, who continually asked for him to reset his Apple ID password.
After giving this verification code, the scammers wiped his MetaMask wallet, which had over $650,000 worth of crypto and NFTs stolen. This is because your MetaMask seed phrase is saved to iCloud by default.
Here, in this phishing scam, the process was as follows. The scammer has requested random password resets in order to make the victim suspicious of something happening.
Then, the scammer will ask the victim for the code, claiming it is to verify they are the real owner of the Apple ID, when in reality they are using that code to reset the victim’s password. After this, they will have access to their iCloud account, providing them with access to everything, including the MetaMask data which is stored on iCloud.
How to Protect Yourself
Serpent provided several key takeaways on how to protect yourself from phishing scams, at the end of his Twitter thread. Always use a cold wallet to store your valuables, and never give out verification codes to anyone. Next, protect your information, don’t give out your phone number or your personal email. Finally, caller information is easy to spoof. Companies like Apple will never call you.