|
Title: Trezor site phishing alert Post by: gentlemand on July 02, 2018, 10:04:14 AM https://blog.trezor.io/psa-phishing-alert-fake-trezor-wallet-website-3bcfdfc3eced
I've always found the browser reliance a tad disturbing and this does little to alleviate it. All it takes is one lapse of concentration for stuff like this to catch you out and they're only going to get more sophisticated. Title: Re: Trezor site phishing alert Post by: OmegaStarScream on July 02, 2018, 09:31:29 PM The warning is definitely appreciated but I doubt anyone would fall for this and type his seed. What was the URL of the phishing sites by the way? A screenshot has been posted but it shows the original site in the address bar.
Title: Re: Trezor site phishing alert Post by: gentlemand on July 02, 2018, 09:35:42 PM The warning is definitely appreciated but I doubt anyone would fall for this and type his seed. What was the URL of the phishing sites by the way? A screenshot has been posted but it shows the original site in the address bar. "The fake Trezor Wallet website was served to some users who attempted to access wallet.trezor.io — the legitimate address. We do not yet know which attack vector was used, but the signs point toward DNS poisoning or BGP hijacking." It would've appeared as the correct URL. You have to type your seed into the computer anyway if I remember rightly. It's the order that you don't reveal and that's what this site was angling for. If you haven't done anything with your seed since you got the device it's possible you wouldn't remember that bit. Title: Re: Trezor site phishing alert Post by: BitMaxz on July 02, 2018, 10:45:12 PM It also looks like a plugin or extension that redirect the user to the fake site and pretending as trezor but the url is correct.
The only difference is the fake site is using non https in the url unlike the legit trezor that used secured https in the url. I'm trying to access the non https but looks like only affected users can redirect to the fake site. |