Another Metamask Phishing Email Analysis

March 12, 2023, 5:51 a.m.

Here is the email:

Grabbing the page with curl I see a blank page with an instant redirect to the actual landing page:

Using wget to download the html page, I see that it's mimicking the metamask home page:

Here is the urlscan of it. It only grabs a screenshot of the first blank page:

Here you can see it's asking the victim to enter their wallet recovery phrase:

Don't fall for it!