A Sensational Win: Mutant Ape NFT! (Phishing Scam Explored)

We have won a Mutant Ape Yacht Club (MAYC) NFT!


The 'good' news has arrived via an e-mail that we have received from OpenSea <[email protected]>


MAYC NFTs are being sold for approx. 5.5 ETH on OpenSea, so it is clear that we have hit the jackpot.

How lucky we are... Let's claim our MAYC NFT straight away.

Of Course, It Was A Scam

This phishing scam is not sophisticated and is easy to spot as a malicious attack.

But it is worth reviewing the data we have acquired from the email and learning as much as we can from it.

These are the SIX RED FLAGS that anyone with a medium level of crypto and digital safety knowledge should be able to identify:

1st Red Flag: If it is too good to be true... probably it is not true

Scammers use greed as an amygdala hijack mechanism.


In this case, they tempt us with a very good offer, which is a very valuable NFT for free.

This scammer could have used an additional amygdala hijack technique, which is scarcity. But it seems that, luckily for us, this scam was put together by someone with very little scamming experience... or someone lazy.

In any case, statistically, if enough emails are sent, eventually someone will fall for it.

2nd Red Flag: The email was sent from a Hotmail account. OpenSea or any other reputable website would never use generic email accounts.

It seems that the scammer does not have the means or cash to create a personalized domain for the email address to look more trustworthy.

For us, such an email coming from a generic account should be a very clear sign that this is a scam.


3rd Red Flag: By hovering over the 'Claim Now' button, we can observe that the link leads to a TinyURL web page.

TinyURL is a legitimate URL-shortening business that marketing companies can use as a tracking mechanism. But it can also be used by scammers.

We have grayed out part of the URL to protect our identities, but the URL looked similar to the following:


Once again, OpenSea or any other reputable website would not use a TinyURL to contact their subscribers. 

If you spot a TinyURL in any communication, start looking for additional red flags that may indicate a malicious usage of this otherwise useful and valuable tool.
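The sender and link checks from the 2nd and 3rd red flags can be automated. The Python below is an added example, not part of the original article; the sample message, its placeholder sender address and link, and the `FREEMAIL`, `SHORTENERS` and `BRANDS` lists are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed lists for this example; extend them for real use.
FREEMAIL = {"hotmail.com", "outlook.com", "gmail.com", "yahoo.com"}
SHORTENERS = {"tinyurl.com", "bit.ly", "t.co"}
BRANDS = {"opensea": "opensea.io"}  # brand in display name -> domain it really uses

# Constructed sample modelled on the email described above (placeholder address and link).
SAMPLE = """\
From: OpenSea <placeholder-sender@hotmail.com>
Subject: You have won a Mutant Ape Yacht Club NFT!
Content-Type: text/html; charset="utf-8"

<html><body><p>Congratulations!</p>
<a href="https://tinyurl.com/PLACEHOLDER">Claim Now</a></body></html>
"""

class LinkCollector(HTMLParser):  # gathers every <a href>, i.e. what hovering reveals
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def red_flags(raw):
    """Return (code, detail) tuples for the sender-domain and shortened-link checks."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    for brand, real in BRANDS.items():
        if brand in display.lower() and domain != real and not domain.endswith("." + real):
            flags.append(("brand-mismatch", f"'{display}' sent from {domain}"))
    if domain in FREEMAIL:
        flags.append(("freemail-sender", domain))
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href in collector.hrefs:
        host = (urlparse(href).hostname or "").lower()
        if host in SHORTENERS:
            flags.append(("shortened-link", href))
    return flags
print(red_flags(SAMPLE))
```

A message that triggers none of these checks is not thereby safe; the checks only mirror the two red flags discussed here.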


4th Red Flag: 'Flashing' or very short-duration web pages may indicate suspicious or dangerous activity.

Once we click on the 'Claim Now' button, the TinyURL directs us to the web page shown below.

The page appears on our screen for less than a second, so it is barely noticeable and the details cannot be appreciated unless you capture it on video, as we have done.

By clicking on the phishing URL, we are already providing value to the scammer, because the scammer is alerted that the email sent to our address has been opened and an action taken (clicking on the button).

The scammer has verified that the email address is in use by the victim, in this case us, and that it can be used as a target for future phishing attempts. The scammer also now has evidence of the validity of the email address in case they sell it to another scammer on the black market.


Note that there are other methods the scammer can use to detect that an email has been opened by the victim, for example inserting invisible tracking pixels.

If you want to learn more about tracking pixels, you may want to have a look at the article we have written about this topic: 'Find Out How Invisible Tracking Pixels Invade Your Privacy'.


5th Red Flag: A very poorly constructed phishing website.

After the brief appearance of the TinyURL web page, we are directed to a very poorly designed web page.

- The URL of the web page has nothing to do with the OpenSea marketplace, apart from the 'OpenSea' word mentioned in the URL.

- Clicking on the OpenSea logo should redirect us to the OpenSea home page. But the logo is just a picture, so it is not possible to click on it.

- The 'Drops', 'Stats', and 'Create' words are supposed to be buttons, but they are not. It is not possible to click on them.

But on this page the scammer uses scarcity as an amygdala hijack: there is a timer stating that the offer ends in less than an hour. The scammer is trying to induce urgency so that the victim quickly proceeds to claim the NFT without taking precautions.



6th Red Flag: The smart contract indicated that only ETH will be sent to the scammer's public address, without us getting anything in return.

The smart contract indicates that 0.007 ETH will be taken from our wallet and sent to the scammer's wallet. Most probably the scammer is just trying to scam a small amount in the hope that the victims will not take any action once they discover that they have been scammed.

- In this case, running the contract through Wallet Guard is simply good practice, because the same information that Wallet Guard displays will also be displayed by MetaMask or any other reputable wallet.

- But this is a very good precaution, because other malicious smart contracts, written by more savvy hackers or scammers, can be difficult to recognize without specialized applications like Wallet Guard.


As a reference, this is an OpenSea transaction example.

In this transaction, an NFT is sent (sold by the seller) and a defined amount of USDC is received in return (bought by the buyer).


To learn more about the Wallet Guard Extension, you may want to have a look at our recent post 'Wallet Guard Extension - How To Proactively Secure Your Crypto Wallet'






How Many People Fall For This Kind Of Scam?

The answer to that question is that far too many people fall for this kind of scam.

The latest phishing statistics from AAG give us some clues about the number of people who fall victim to phishing scams:

- In 2021, the average click rate for a phishing campaign was 17.8%. Phishing campaigns that were more targeted and added phone calls had an average click rate of 53.2% – 3 times more effective.

- The US-based IC3 received 300,497 reports from victims of phishing in 2022.

- 91% of cyber attacks begin with a phishing email to a victim.

If you are reading this article, you are most probably knowledgeable and experienced enough not to fall for such a simple phishing attack.

But it is nearly certain that people around you do not have sufficient awareness and can easily fall for medium or advanced phishing attacks.

Only knowledge in combination with good practices can protect us from hacks and scams:

- Knowledge: As little as a few minutes of learning per week can make a difference

- Good Practices: There are tools and precautions that in combination with knowledge will protect us from most, if not all, cybersecurity attacks.

Congratulations on completing this 5-minute digital safety power-up.

We hope this short article has helped increase your digital safety knowledge and awareness, and that the 5-minute read was worth the time.

We will be exposing more scams, so stay tuned if this topic interests you.

5-minutes crypto and digital safety power-ups

For more 5-minute Power-Ups, please consider subscribing to our blog.

5-minute digital safety power-ups

Valuable digital safety knowledge and good practices in short but informative articles. Protect your most valuable crypto and digital assets from hacks, scams, and accidents.
