ConsenSys-owned crypto wallet provider MetaMask has warned the community about a phishing attack on Apple iCloud.
The security concern for iPhone, Mac and iPad users stems from default device settings: if users enable automatic backup of their app data, their seed phrase, or "password-encrypted MetaMask vault," is stored on iCloud.
In a Twitter thread published on April 18, MetaMask pointed out that if a user's Apple password is "not strong," attackers can steal the user's account credentials through phishing, and the user is at risk of losing funds.
To fix this, users can disable MetaMask's automatic iCloud backup, as detailed below:
If you've enabled iCloud backup of app data, it will back up your password-encrypted MetaMask vault. If your password is not strong enough and someone conducts a phishing attack on your iCloud credentials, it could mean your funds have been stolen.
— MetaMask (@MetaMask) April 17, 2022
MetaMask's warning comes in response to an NFT collector who goes by the Twitter handle "revive_dom" and said on April 15 that his wallet, containing $650,000 worth of digital assets and NFTs, was stolen due to this security issue.
In a separate post earlier today, DAPE NFT project founder "Serpent" also helped revive_dom gain MetaMask's attention by sharing the story with their 277,000 followers, providing details of what happened to the victim.
They noted that the victim had received multiple text messages asking to reset his Apple ID password, as well as phone calls purportedly from Apple that turned out to be fraudulent.
Not suspecting the caller, "revive_dom" reportedly provided a six-digit verification code to prove he was the owner of the Apple account. The scammer then hung up and accessed his MetaMask account via data stored on iCloud.
Key takeaways:
- Always use a cold wallet to store your assets
- Do not disclose the verification code to anyone
- Protect your information and do not give out your phone number or personal email
- Caller information can easily deceive you. Companies like Apple will never call you
— Serpent (@Serpent) April 17, 2022
Following MetaMask's warning today, "revive_dom" expressed his disappointment with the company, noting:
"I'm not saying they shouldn't do it, but they should tell us. Don't tell us never to digitally store our seed phrases and then do it behind our backs. If 90% of people knew this, I bet none of them would use the app or enable iCloud."
While the majority of the community's response was supportive, others were quick to emphasize the importance of using cold storage and doing a lot of due diligence when storing assets in hot wallets.