Table Of Content
Introduction: From Suspicion to Certainty
A dangerous Phishing Scam recently started flooding my email inbox, revealing a troubling pattern of deception. Starting in 2024, I began consistently receiving highly suspicious emails, seemingly from well-known financial and crypto companies such as Reloadly and MetaMask. The most unsettling part? My email client displayed them as “pre-subscribed,” as if I had personally opted into their mailing lists. This report provides a complete breakdown of the manipulative tactics behind these scams, the hackers’ strategy, and, most importantly, actionable advice for protection and recovery.
The “Pre-Subscribed” Deception: How My Inbox Was Compromised
How My Inbox Was Compromised
The wave of suspicious emails started in 2024, and initially, I dismissed them as mere spam or routine notifications. The subject lines were expertly crafted to create fear and urgency, including phrases like: “Account Froze: Mandatory Review,” “Don’t Risk Funds: Link Your Email Now,” and “Activity Update.”
Curiously, the sender address for all these emails was “reviews@yoto.com,” which is associated with Yoto, a children’s audio company—a clear mismatch from the purported sender. The appearance of the “pre-subscribed” label is a strong indicator that my email address had been exposed in a data leak or compromised list and was now being used by hackers for a large-scale Phishing Scam campaign.
The Anatomy of the Scam: The Hackers’ Shrewd Strategy
An in-depth analysis confirms that these are classic Phishing Scam —a tried-and-true technique for cybercriminals:
- Spoofed Sender Identity: The emails were sent using a legitimate company’s name (Yoto) to bypass spam filters. Hackers often leverage Bulk Email Tools (like SurveyMonkey or Podia) to ensure their campaigns reach a wide audience.
- Threat and Urgency Tactics: The emails warned of serious consequences for inaction: “API keys expose,” “Account will freeze,” or “Lockdown in 24 hours.” The goal is to strip the user of time to think critically and compel an immediate click on the link.
- Misleading Links and Tokens: Each email contained a URL, such as:
login.reloadly.com/account-recovery?token=...These links lead to fraudulent Phishing Scam Websites designed to steal personal credentials like passwords, API keys, or crypto wallet Seed Phrases. - Brand Impersonation: The logos and names of Reloadly and MetaMask were misused to make the emails look authentic. However, minor errors (like misspelling the CEO’s name) often give the scam away. MetaMask’s official policy explicitly states they will never send unsolicited security emails.
- Date Manipulation: Using dates in the future (like 2025) is common in these scams to make the emails appear fresh and current.
The hackers’ full cycle is as follows: They purchase compromised email lists from past data breaches, generate sophisticated phishing scam emails, and use these emails to direct users to malicious phishing scam sites to capture credentials and subsequently access accounts and steal funds.
The Reality of the Targeted Companies
- Reloadly: This is a legitimate B2B fintech company, but no verifiable record of a major security breach in September 2025 could be found.
- MetaMask: This is a popular crypto wallet, and any unsolicited security email claiming to be from MetaMask is fake, as their policy prohibits such communication.
The “pre-subscribed” label likely indicates that the email address was included in a breached list, and the hackers formatted the email to imply a prior relationship with the companies, an attempt to gain trust and bypass suspicion.
Actionable Steps for Protection and Recovery
Immediate and ongoing security measures are essential to protect your information and finances:
- Never Click the Links: If you are suspicious, do not click the link. Instead, navigate directly to the official website (
reloadly.comormetamask.io) via your browser and log in there. - Verify the Sender: Hover over the sender’s address to see the actual email and compare it against the company’s official contacts.
- Change Credentials: If you accidentally clicked a link or entered any information, immediately change all related passwords.
- Secure Your Crypto Wallet: In a MetaMask threat scenario, immediately transfer funds to a new, secure wallet and reset your current wallet with a new seed phrase. Report the MetaMask Phishing Scam attempt via their support channels.
- Enhance Security: Always use Two-Factor Authentication (2FA) and consider a Hardware Wallet (like Ledger) for significant crypto assets.
- Report the Phishing Scam: Use the “Report Phishing Scam” or “Report Spam” function in your email client. If funds were stolen, file a report with the local cybercrime authority (e.g., FBI’s IC3 service) and contact the relevant company support.
Conclusion: A Moment of Security Awakening
The stream of emails in my inbox has taught a crucial lesson: complacency in cybersecurity comes at a high cost. The “pre-subscribed” tag was a clever psychological trick used by hackers to establish fake trust. This is a clear Phishing Scam, ultimately aimed at stealing personal information and funds.
If you encounter similar emails, do not hesitate, report them immediately, and adopt the strictest security protocols. This experience has heightened my personal security awareness, and hopefully, this report will help others stay protected from these sophisticated deceptions.
