'Your MetaMask wallet has not yet been verified' - If you have received such an e-mail, you should be aware that this is 100% a phishing attack, even though it might look legitimate at first glance.
What is a Phishing attack?
Example of a phishing attack:
The button redirects to a phishing site where you will be asked to enter your 12 passphrase words of your wallet. After that, the attacker is able to move all your assets away from your MetaMask wallet.
How to recognize and avoid Phishing Scams?
- You should check if the email sender is from the official MetaMask e-mail address. Sometimes an attacker could use some sort of hijacked e-mail address with high reputation to send such phishing e-mails.
If the correct email is displayed, it could still be a phishing e-mail. At first glance, you might think that this is a legitimate e-mail from MetaMask since it has the real e-mail address as the sender, but sometimes that is not the case. E-mail spoofing is one of the most common strategies to disguise an e-mail as legitimate.
- The next step is to verify that the included buttons/links redirect to the correct source/domain.
Official MetaMask Domain:
Phishing Site Domain: