Phishing campaign masquerades as Trezor wallet to deceive targets

March 16, 2023
Tags: Phishing Campaign, Masquerade, Trezor Wallet, Brand Abuse, Cryptocurrency

A new phishing campaign impersonates Trezor, sending fake data breach notifications to fool targets and steal their cryptocurrency. Trezor is a hardware crypto wallet that lets users store their cryptocurrency funds offline, as an alternative to cloud-based wallets or apps.

This hardware crypto wallet can add protection against malware and infected devices, since it is not meant to be connected to a PC. The offline wallet gives users a 12- or 24-word recovery seed that they can use to recover their assets if the device is lost, malfunctions, or is misplaced by the owner.

The downside of this feature is that anyone who obtains the same recovery seed can restore the wallet on their own device, which makes recovery seeds the primary target of phishing attacks.

Trezor users are now prone to phishing campaigns.

In the last days of February, Trezor users started receiving suspicious email and SMS messages claiming that the crypto wallet vendor had suffered a data breach. The phishing messages instructed their targets to visit certain websites to secure their accounts.

According to the message, Trezor had experienced a security breach that might put user assets at risk. The phishing messages then prompted users to follow a security procedure on a website to avoid problems.

The linked websites displayed a fake Trezor domain with the warning, “Your assets might be at risk!” The site then guides its target through a supposed procedure to secure the crypto wallet.

Once a user clicks the start button, the site instructs them to enter their recovery seed, which is the attackers' actual goal. If a user is deceived into providing the seed, the threat actor can restore the wallet on an attacker-controlled device and steal the funds.
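As an added example (not code from the article or from Trezor), the following Python triage check flags a message that combines the lure phrases described above with a link to an off-brand domain. The trezor.io allowlist, the naive domain parsing, and the sample messages are assumptions constructed for this example.

```python
import re
from urllib.parse import urlparse

# Allowlist of legitimate brand domains. Assumption for this example:
# trezor.io is the only official domain; use the vendor's published list in practice.
TRUSTED_DOMAINS = {"trezor.io"}
BRAND = "trezor"

# Lure phrases taken from the campaign described above: breach notice,
# risk warning, "secure your wallet" procedure, and any request for the seed.
LURE_PATTERNS = [
    r"data breach",
    r"security breach",
    r"assets? (?:might|may) be at risk",
    r"secure your (?:account|wallet)",
    r"recovery (?:seed|phrase|words)",
    r"\bseed\b",
]

URL_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels). Fine for .io/.com; use a public-suffix list in production."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify(message: str) -> dict:
    """Flag a message that links off-brand while using the campaign's lure phrases."""
    bad_links = []
    for url in URL_RE.findall(message):
        host = (urlparse(url).hostname or "").lower()
        if registrable_domain(host) not in TRUSTED_DOMAINS:
            # The brand name inside an untrusted host marks a lookalike domain.
            kind = "lookalike" if BRAND in host else "untrusted"
            bad_links.append((kind, host))
    lures = [p for p in LURE_PATTERNS if re.search(p, message, re.IGNORECASE)]
    if bad_links and lures:
        verdict = "phishing"
    elif bad_links or lures:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "bad_links": bad_links, "lures": lures}


# Constructed sample messages (not real campaign artifacts).
PHISH = ("Trezor notice: we have experienced a data breach. Your assets might be at risk! "
         "Secure your wallet now: https://trezor-secure-example.net/start")
LEGIT = "A Trezor Suite update is available: https://suite.trezor.io/"

if __name__ == "__main__":
    for msg in (PHISH, LEGIT):
        print(classify(msg)["verdict"], "->", msg[:40])
```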

Trezor users should therefore be wary of unsolicited messages from suspicious senders, and should carefully check the websites they visit to avoid being fooled by threat actors.

Users are also advised never to reveal or share recovery passwords, phrases, or seeds with anyone, since these are the primary target of most adversaries.
