MetaMask warns Apple users of phishing attack

After an iPhone user complained of losing over $650,00 in NFTs and ApeCoin, MetaMask issued a warning to Apple users about phishing attacks and how to protect themselves from getting defrauded.
MetaMask warns Apple users of phishing attack
MetaMask warns Apple users of phishing attack

On April 17, MetaMask issued a warning to Apple users about phishing attacks after an iPhone user was defrauded of $650,000 in NFTs and ApeCoin (APE).

The default settings on devices like the iPhone, iPad, and MacBook, according to MetaMask, allow hostile actors to read the seed phrase or “password-encrypted MetaMask vault” kept on Apple’s iCloud storage service.

About the Hack

Domenic Iacovone, a Twitter user, claimed on April 15 that he had lost all of his non-fungible tokens (NFTs) in his wallet. Three Mutant Apes, three Gutter Cats, and $100,000 in ApeCoin were among the items.

Iacovone stated he received a call on his phone from an Apple number, according to caller ID. He didn’t pick up the phone at first but phoned it back because the caller ID showed it was from Apple.

MetaMask warns Apple users of phishing attack
MetaMask warns Apple users of phishing attack

The caller, however, was a scammer using a phony phone number. Under the guise of being an Apple official, he asked Iacovone for a code to be transmitted to his phone. Iacovone claimed that seconds after sharing the code with the scammer, he lost everything in his Metamask wallet.

Explaining the Hack

The phishing attack was explained by Twitter user @Serpent, the founder of crypto threat mitigation system Sentinel. According to him, the attacker pretended to be from Apple and reported that there was suspicious activity on the account using a caller ID spoofer.

The scammer then demanded that the victim’s Apple ID password be reset. The victim will be given a code to reset their password, and the fraudster will ask for it, stating it is to prove their ownership of the Apple ID.

The scammer really uses the code to reset the victim’s password, giving them access to their iCloud account. They can access MetaMask data stored on iCloud and take the victims’ assets.

MetaMask gives a solution

According to MetaMask, users can turn off iCloud backups for their app by “Settings > Profile > iCloud > Manage Storage > Backups,”

For those who want to turn off the feature entirely, they can do so at “Settings > Apple ID/iCloud > iCloud > iCloud Backup.”