Evgen verzun
Blog
September 6, 2023
Why Scammers Hack Government Websites To Target MetaMask Owners?
Not a day in crypto without scammers making the headlines.
Cointelegraph reports that government websites in India, Nigeria, Egypt, Colombia, Brazil, Vietnam, and other countries have been compromised and are now redirecting users to fake ‘MetaMask’ websites.
That’s a nice way to make governments hate crypto even more. Thanks, assholes!
Who Goes To a Gov Site To Connect Their MetaMask?
So imagine you’re a good-willed citizen of, let’s say Egypt, and you’re visiting a uh…
…a Egyptian Consumer Protection Agency website to read about the civil and judicial mandates that were issued in 2006. Yeah, you’re weird like that, and you just can’t get enough of legalese.
But wait, something weird happens. Microsoft Defender is triggered and your browser of choice warns you about the potentially malicious activity happening on the website and doesn’t even ask you “SIR, ARE YOU 100% SURE!?” but boots you back to safety.
Not because the government website looks foul, but because it redirects you to a phishing site.
Like, take a look at this website. Even from this fragment you just know it was last touched in the past century. Suppose someone would be able to ignore the pleads of their browser, they would be redirected to a MetaMask page clone placed on the totally legit https://metamaskpro[.]metamaskglobal[.]top domain.
I can imagine that not all folks that check the gov sites would even know what a MetaMask is and how that sly fox is related to your great country. The majority of gov website visitors likely have no clue about what a MetaMask is, let alone how to operate it.
So to answer my own question from the headline - nobody connects their MetaMask to gov sites, because this scam works differently and these websites are only used as a crutch.
How Scammers Use Hacked Websites In This Scam
Hacked websites are used as a trap floor between you and a phishing website.
If there will be a direct link to http://www.evil.org/veryevilpage.html laying around somewhere on social media or sent in a messenger, it will be noticed and reported way faster than if it was boobytapped. That evil.org link doesn’t take you to a real place, by the way, but don’t click on it anyway.
So to bypass the warning, blockage, blacklisting and reporting, scammers use a legit gov website with a nice and clean reputation as a proxy to the place where you could lose your MetaMask assets.
Redirection is one of the main reasons these websites are hacked, but not the only one.
Government websites are often perceived as trustworthy and legitimate sources of information. Their domains have a lot of SEO cred and longevity, so being connected to them boosts the phishing page and takes it to the top search engine pages.
The examples from the news have been fixed, so I had to dive into the abyss myself. I simply googled “how to unlink metamask in axie” and yep, the first page granted a few phishing results.
5 golden stars - check, buttload of green checkmarks - check, keyword galore - check.
The first two cosmetic tricks are there to fool gullible users who truly believe a gov.site could get a million 5 star votes. The third trick feeds the Google algorithms, so the obviously scammy websites still end up on the front page of the search.
One more thing to carry out from this pic.
Educational sources are also getting hacked left right and center. Why? Because just like government sites from the countries listed in the first few sentences of this blog post, they are a low hanging fruit.
Often those servers are managed by amateurs, they are not up to date and not properly secured.
So to summarize… It's important for MetaMask users and internet users in general to exercise caution and verify the authenticity of websites they interact with. This includes double-checking web addresses, updating your web browser and staying informed about common scams and good cybersecurity hygiene practices by following this blog.
Lately I have been contributing a lot of my creative juices to Blockleaders, so take a look at my works there too. I will publish a new story there in the next few days, and it will give you a reason to feel good about crypto.
Stay safe!