'Your MetaMask wallet has not yet been verified' - If you have received such an e-mail, be aware that it is 100% a phishing attack, even though it might look legitimate at first glance.

What is a Phishing attack?

💡
In short, phishing is the practice of sending deceptive communications that appear to come from a legitimate source. It is usually done via e-mail. The aim is to steal sensitive data such as credit card and login information, or to install malware on the victim's computer.

Example of a phishing attack:

The button redirects to a phishing site where you are asked to enter the 12 passphrase words of your wallet. Once you do, the attacker is able to move all your assets out of your MetaMask wallet.

How to recognize and avoid Phishing Scams?

  1. Check whether the e-mail was sent from the official MetaMask e-mail address. Attackers sometimes send such phishing e-mails from a hijacked e-mail address with a high reputation.

    Even if the correct address is displayed, it could still be a phishing e-mail. At first glance, you might think it is a legitimate e-mail from MetaMask because it shows the real e-mail address as the sender, but that is not always the case. E-mail spoofing is one of the most common strategies to disguise an e-mail as legitimate.
  2. Next, verify that the included buttons/links redirect to the correct source/domain.

Official MetaMask Domain:

Phishing Site Domain:

What is a spoofed E-mail?

💡
E-mail spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust. In spoofing attacks, the sender forges email headers so that the client software displays the fraudulent sender address, which most users take at face value.
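
The sender and link checks from the list above, together with the header forgery described here, can be run against a raw message. This is an added example, not part of the original post or any MetaMask code. The domain `wallet.example`, the sample message and the finding names are constructed placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "wallet.example"  # placeholder; substitute the vendor's real domain

# Constructed sample: the visible From is the trusted domain, but the envelope
# sender, the receiver's DMARC verdict and the button link all disagree.
SAMPLE = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mailer.invalid; dkim=none; dmarc=fail header.from=wallet.example
From: Wallet Support <support@wallet.example>
Subject: Your wallet has not yet been verified
Content-Type: text/html

<a href="https://wallet.example.verify-login.invalid/start">Verify</a>
"""

def domain_of(addr):
    # Domain part of the address in a header value ("" if absent).
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def check_message(raw, trusted=TRUSTED):
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    from_dom = domain_of(msg["From"])
    if not in_domain(from_dom, trusted):
        findings.append("from-not-trusted")
    rp = domain_of(msg["Return-Path"])
    # Weak signal on its own: bulk mail often bounces to another domain.
    if rp and not in_domain(rp, from_dom):
        findings.append("return-path-mismatch")
    # Only trust Authentication-Results written by your own receiving server;
    # a sender can include a forged copy of this header.
    auth = str(msg.get("Authentication-Results", ""))
    m = re.search(r"\bdmarc=(\w+)", auth)
    if not m or m.group(1).lower() != "pass":
        findings.append("dmarc-not-pass")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    for url in re.findall(r'href="([^"]+)"', html):
        host = (urlsplit(url).hostname or "").lower()
        if not in_domain(host, trusted):
            findings.append("link-off-domain:" + host)
    return findings
```

The sample shows why the displayed sender alone proves nothing: the `From` check passes, while the DMARC verdict and the link host expose the message.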