[Be Aware] Fake Trezor

[Chikito]

What Happened: Fake or Phishing Trezor Website

Phishing website :

Code:

https://terezor.io/
https://wiki.terezor.io/Welcome
https://blog.terezor.io/
https://wallet.terezor.io/

Code:

IP Address: 46.30.40.108
Domain Name: TEREZOR.IO
Registry Domain ID: D503300001182310804-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2019-11-19T11:13:13Z
Creation Date: 2019-11-19T11:09:50Z
Registry Expiry Date: 2020-11-19T11:09:50Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068

Real website: https://trezor.io/

Code:

Domain Name: TREZOR.IO
Registry Domain ID: D503300000040387472-LRMS
Registrar WHOIS Server: whois.101domain.com
Registrar URL: https://www.101domain.com
Updated Date: 2019-10-21T12:13:27Z
Creation Date: 2014-07-21T08:45:45Z
Registry Expiry Date: 2027-07-21T08:45:45Z
Registrar Registration Expiration Date:
Registrar: 101domain GRS Ltd
Registrar IANA ID: 1011

[fratoshi]

Thank you for sharing, i always been concerned when buying a hardware wallet that the guys that work at the post office will open the wallet and install a malware or something to hack my coins, that's why i don't use it as a cold wallet

[virasog]

Thank you for sharing, i always been concerned when buying a hardware wallet that the guys that work at the post office will open the wallet and install a malware or something to hack my coins, that's why i don't use it as a cold wallet

You should avoid the fake Trezor site only but you cannot claim that cold wallets are dangerous or avoided. If you are experienced, you will know how to protect and safely use cold wallets as they are the best way to store your coins. If you have some good amount of bitcoins it is recommended to buy hardware wallets and you can get them cheap on this black Friday.

[dkbit98]

Good finding OP.
I reported fake trezor website to google and symantec.
Metamask already blacklisted it

[bL4nkcode]

Reported it to its registrar (namecheap) so the account of this scammers and domain will be terminated.

[FIFA worldcup]

Reported it to its registrar (namecheap) so the account of this scammers and domain will be terminated.

You can either send an email to abuse@namecheap.com or a better way is to raise the ticket with namecheap.
How and where can I file abuse complaints?

[fratoshi]

Wandering what that website was doing?
1) Selling fake Trezor modified with malware or something to steal coins?
or
2) Just collecting the payment and not delivering?

[magneto]

Wandering what that website was doing?
1) Selling fake Trezor modified with malware or something to steal coins?
or
2) Just collecting the payment and not delivering?

Likely the second.

The capital required to develop a large scale clone of any hardware wallet is so substantial that most scammers will be unwilling or unable to put in this initial investment. It's much easier to build a phishing site from ground up and market an already existing product on it.

Either way, it's a scam. So that's that. People should be extremely careful with these phishing sites, especially in terms of hardware.

[bL4nkcode]

After reporting it to to namecheap, the domain is now suspended as per their email.

Code:

Hello,

This is to inform you that the terezor[.]io domain was suspended. It has been placed on the clientHold status and locked to prevent modifications in our system.

Thank you for letting us know about the issue.

[trapcoder666]

After reporting it to to namecheap, the domain is now suspended as per their email.

Code:

Hello,

This is to inform you that the terezor[.]io domain was suspended. It has been placed on the clientHold status and locked to prevent modifications in our system.

Thank you for letting us know about the issue.

Nice. Namecheap should also tighten their regulations a little by at- least manually reviewing orders but at least they tend to react fast after a report is made.

A lot of these sites tend to use google ads to promote their busineses as well. It's also getting pretty hard to distinguish the urls at times (punycode attacks)

[Chikito]

Don't try put trezor to search engine, because today found fake trezor website appear and camouflage into Women's Suits Spring Summer Collection 2019 shop.

Code:

https://tkezor.tk/

https://www.virustotal.com/gui/url/4cd437b0e4d0f4ea3b4b7481cbc7367061dc2acb89441a7c02e28af1d730b90b/detection
IP Address:104.27.179.3
When we find relation that's IP will found another coin,
https://www.virustotal.com/gui/ip-address/104.27.179.3/relations

Code:

www.vdscoin.org

and fake

Code:

nordvpn.ch
http://www.fb-com.ga/

[Chikito]

Fake trezor again

Be aware guys, don't search on an engine



camouflage into restaurant link

Code:

http://trekorz.ga/

Code:

IP Address: 104.24.124.30
Domain name:
TREKORZ.GA
Organisation:
Gabon TLD B.V.
My GA administrator
P.O. Box 11774
1001 GT Amsterdam
Netherlands
Phone: +31 20 5315725
Fax: +31 20 5315721

One of the most common phishing attacks in crypto is fake websites impersonating wallets, exchanges, or other services, asking unaware users to enter their recovery seed. With Trezor, you’re fully protected against remote threats, and with the right practices and a strong passphrase, you’re also safe against physical attacks targeting your recovery seed.

[nydiacaskey01]

Thank you for sharing, i always been concerned when buying a hardware wallet that the guys that work at the post office will open the wallet and install a malware or something to hack my coins, that's why i don't use it as a cold wallet

I guess this is an isolated case because what are the odds that the parcel of Trezor will be handled by a guy in the mail room that has a good knowledge of Trezor and has a readily available software to install a malware or a virus to steal the coins stored in Trezor. The chances that its an inside job is more likely to happen than that scenario in the post office.