How to protect yourself from Fake MetaMask App & Extension Update Scam?

Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared

Fake MetaMask App & Extension Update Scam

Verdict: Suspicious | Risk Score: 8/10 | Severity: high

Category: UPI, WhatsApp, Phishing

How Fake MetaMask App & Extension Update Scam Works

Overview: Attackers target MetaMask users by sending fake update notifications via email, SMS, or social media. Claiming a critical security update is required, the scammers trick users into visiting a malicious site and providing their wallet's seed phrase. The threat is serious—handing over your recovery phrase gives scammers full control to drain your funds instantly. How It Works: Users receive a message, sometimes referencing real hacking incidents, urging an immediate app or extension update. The message explains that failing to update will leave your funds vulnerable. The included link points not to the official MetaMask update page, but a phishing site identical to the real one. After 'logging in', users are prompted to back up or verify their seed phrase, which the attackers capture. The process may include a fake update progress bar or security questions to add legitimacy. As soon as the phrase is entered, scammers steal your assets without needing passwords or OTPs. India Angle: Indian users are especially vulnerable as scam messages may reference popular browsers (Chrome, Brave) and mobile app stores (Google Play). Many phishing attempts tailor language to Indian users, mentioning UPI or Indian exchanges. Cities with high DeFi activity—Mumbai, Pune, Bengaluru—are common targets, along with influencers and YouTubers discussing crypto. Real Examples: SMS: "MetaMask Security: Immediate update required to prevent recent UPI-linked hacks. Click here to upgrade: secure-metamask-update.app" Red Flags: - Update requests via email, SMS, or WhatsApp - Links to unofficial update portals - Pressure to enter seed or "recovery phrase" for so-called backup - Poor grammar or odd logos, despite otherwise convincing branding Protective Measures: - Only update MetaMask through official app stores or browser extension sites - Never share your seed phrase for backups or updates - Use multi-factor authentication where possible and disconnect wallet from unused dApps - Ignore and report suspicious update messages If Victimised: - Transfer remaining funds to a new wallet with a different seed phrase - Report immediately to 1930 and cybercrime.gov.in - Uninstall any compromised app version and do a full security scan Related Scams: - Phishing emails disguised as Exchange Maintenance notifications - Browser extension virus campaigns targeting wallets - Telegram update notifications from fake MetaMask support A reminder: MetaMask never asks for your recovery phrase for verification, upgrades, or updates. Act with caution—one mistake could cost you all your assets.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Fake MetaMask App & Extension Update Scam Target?

General public across India

Red Flags — How to Identify Fake MetaMask App & Extension Update Scam

Requests to update MetaMask via unofficial links
Messages urging urgent updates post 'hack'
Prompts to enter seed phrase for verification or backup
SMS/emails referencing local exchanges or payment apps

What To Do If You Encounter Fake MetaMask App & Extension Update Scam

Do not click any links or share personal information
Block and report the sender immediately
Report at cybercrime.gov.in or call 1930
Inform your bank if financial details were shared

How to Report Fake MetaMask App & Extension Update Scam in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What is Fake MetaMask App & Extension Update Scam?: Overview: Attackers target MetaMask users by sending fake update notifications via email, SMS, or social media. Claiming a critical security update is required, the scammers trick users into visiting a malicious site and providing their wallet's seed phrase. The threat is serious—handing over your recovery phrase gives scammers full control to drain your funds instantly. How It Works: Users receive a message, sometimes referencing real hacking incidents, urging an immediate app or extension upd
How does Fake MetaMask App & Extension Update Scam work?: Overview: Attackers target MetaMask users by sending fake update notifications via email, SMS, or social media. Claiming a critical security update is required, the scammers trick users into visiting a malicious site and providing their wallet's seed phrase. The threat is serious—handing over your recovery phrase gives scammers full control to drain your funds instantly. How It Works: Users recei
How to protect yourself from Fake MetaMask App & Extension Update Scam?: Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared
How to report Fake MetaMask App & Extension Update Scam in India?: Report to cybercrime.gov.in or call 1930 (National Cyber Crime Helpline). You can also contact your local police station's cyber cell.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.