Feds, local authorities warn of latest Paypal and MetaMask phishing scam


Computer code. (Photo by Markus Spiske, Unsplash)

J.W. August

The art of the scam keeps getting more sophisticated as con artists probe for profits by altering the come-ons they use to hook the unsuspecting.

Check your recent emails. You may have seen their latest efforts — communications that appear to be legitimate messages from PayPal and MetaMask. The name for this particular family of scams is well-known. It’s called phishing, a scheme in which the perpetrator is fishing for a gullible victim.

It’s rooted in a Nigerian scam from years ago, but now it’s updated and more clever.

The writer of this report was among those who received a PayPal alert in his email purporting to warn him about an imminent withdrawal. The Federal Trade Commission recently issued an alert about this.

The reporter sent the PayPal message he received to Ryan Karkenny, a San Diego County deputy district attorney who is also a member of the multi-agency Computer and Technology Crimes High Tech Response team.

“They are typically looking for more information when they get a live one on the phone,” he said. “The most recent I’ve seen is where they have you call into a number, and the scammer says something like ‘your account has been compromised’ and asks you to transfer your funds to them, in order to allow them to protect them for you.”

PayPal Security was also sent a copy.

The company advised, “If you disclosed any financial or personal data, or entered your details on a suspicious website,” you should change your PayPal password immediately, contact your bank, review your recent PayPal payments and report “any unauthorized payments in the Resolution Center.”

A good tip-off to fraud is when you’re told to act quickly, as was the case of the charge to the reporter’s PayPal account where he was advised to act within 24 hours. If you click on a link in the email or call the number provided, the scammers will try to steal your financial or personal information, and it could lead to identity theft, the FTC warns.

According to the FTC, the MetaMask fake email will warn that your cryptocurrency wallet is blocked. And if you don’t act fast and click on the provided link, your crypto will be lost, you’re told.

What you should do instead is ignore it and delete it, fraud experts say. The FTC warned of another PayPal come-on, different from the example shown in this story. The agency states that the phishing email says ‘BNC Billing cancelled your payment.’ And again, the scammer is telling you that speed is important; you need to reply right away. Again, the smart move is to ignore and delete.

J.W. August is a longtime San Diego broadcast and digital journalist.