Another fake website of trezor.io with Punycode[Beware][Updated with fake sites]

[BitMaxz]

I recently searching on google with keyword "trezor" and I found a fake website.

Here's what it looks like



Then I tried to check the website and I found that it looks the same as the original trezor wallet page I tried to click any pages but none of the buttons works except for wiki but the result is page not found and two wallet button.


The weird thing that I found after copying the URL and pasting it to report page on google the website URL shows different so my guess it is a Punycode website. Look at URL below.

Code:

https://xn--wllet-trezor-y9a.com/#

So obvious that this website is fake and they are targeting trezor user.


The website just created a few days ago according to whois.

Code:

Domain:wàllet-trezor.com
Registrar:Tucows Domains Inc.
Registered On:2019-06-01
Expires On:2020-06-01
Updated On:2019-06-10
Status:clientTransferProhibited
clientUpdateProhibited
Name Servers:1-you.njalla.no
2-can.njalla.in
3-get.njalla.fo

[1714188497]

1714188497

[1714188497]

1714188497

[Pmalek]

The google ad seems to have been removed. I just tried googling 'trezor' and the add is no longer there, at least for me.
Pay attention to the way they spelled tresor incorrectly!

Good find and thanks for letting us know. 

[Lucius]

For anyone who is have adblock in browser such sites will not be visible at all, so use adblock and block such ads. I just turn off my adblock to see if that site is still show on top of search results, but I find another fake site for Trezor. It seems that first one is disabled by Google, but someone is just activate new ad campaign in Google AdWords.

This site is redirecting to :

Code:

https://trczor.io/

[o_e_l_e_o]

Yeah, this is what I would call a "Swiss cheese model" - there a lot of things that you are doing wrong here to be subjected to this kind of attack.

First of all, Google is a terrible search engine in terms of privacy and security. I would recommend switching to something like DuckDuckGo, which doesn't display ads like this.
Second of all, you aren't blocking these malicious ads. As Lucius says, download an ad blocker such as uBlock Origin.
Third of all, you shouldn't be using search engines to find the websites for exchanges, wallets, etc., as you run the risk of landing on a fake page such as this one. It is much better to type in the link manually.
Lastly, you can force your browser to display Punycode so you will always notice this kind of attack. On Firefox or Tor, open a new tab, type in about:config, search for network.IDN_show_punycode, and set to "true".

[BitMaxz]

There is a new advert pop up on google when searching "trezor" wallet.



It seems they keep creating new fake website but when I tried to click the website with my local IP this is what it looks like



They redirect me to watches shop but when I'm using a unique IP with VPN  now the ads redirect me to a different domain.



Beware on this website:

Code:

trczor.io

They are now upgraded and blocked my local IP and use a Cloaking technique where my IP detected as a google bot spider that is why the site redirects me to different content if your IP is not unique it will happen to you as well.

I'm sure this hacker have lots of SEO technique and I'm sure this is the same guy who created the Punycode website that I posted earlier.

If you saw a different website please report them to google so that we can prevent them from hacking trezor users wallet.

[Lucius]

As I already wrote, it looks like the one person exploiting all the possibilities which are permitted by Google AdWords and just creating new campaigns, or trying to mask them as much as possible. I also see that new site now, and it is redirecting to link I posted in post 3, which is same BitMaxz post in his last post.

If it's just about one person behind this, then Google need to ban this account and stop him to do this. I report this link to Google Safe Browsing, and if more users do that it will attract attention of Google who will then block this site in browser as deceptive site , so even users who not use adblock will be safe.

[BitMaxz]

As I already wrote, it looks like the one person exploiting all the possibilities which are permitted by Google AdWords and just creating new campaigns, or trying to mask them as much as possible. I also see that new site now, and it is redirecting to link I posted in post 3, which is same BitMaxz post in his last post.

If it's just about one person behind this, then Google need to ban this account and stop him to do this. I report this link to Google Safe Browsing, and if more users do that it will attract attention of Google who will then block this site in browser as deceptive site , so even users who not use adblock will be safe.

The problem even they ban the google account they can still create a new campaign with fresh account because there are many IM selling google ads account on marketing forum like on BHW.

I have experienced about this and I'm currently joined on the skype group where many IM users buying google and bing ads account.

So even google keep banning accounts they can still make another campaign with a fresh account. Google should ban "trezor" keyword to display on google so that no one will see these ads again.

[Lucius]

I just check that fake site and it is not working today, and there is no new bad ads if I search Google by keyword "trezor". It seems that Google responded very quickly and banned this account, and owner is just shut down that site.

Google should build in adblock in Chrome, but that makes no sense for them since they sell ads and they want users to see them, regardless whether they are good or bad. They should check every ad before getting permission to show such ad, but we all know that this is something that currently is not an option.

[o_e_l_e_o]

Google should build in adblock in Chrome, but that makes no sense for them since they sell ads and they want users to see them, regardless whether they are good or bad.

It's much worse than Chrome simply not having an in-built ad-blockers:

https://www.tomsguide.com/us/chrome-block-ad-blockers,news-30206.html
https://www.cnet.com/news/google-holds-firm-on-chrome-changes-that-may-break-ad-blockers/
https://hub.packtpub.com/is-it-time-to-ditch-chrome-ad-blocking-extensions-will-now-only-be-for-enterprise-users/
https://www.theregister.co.uk/2019/01/22/google_chrome_browser_ad_content_block_change/

Google are planning to effectively prevent ad blockers and other content blockers from working in Chrome. They don't like third parties being able to decide which ads are displayed and which tracking can and cannot take place, so they are now going to stop these third party extensions from working. Chrome will soon become an ad-fest. Using Chrome was already a poor choice in terms of privacy and anti-tracking, but this update makes it even worse.

Chrome's biggest selling point - being simple and fast - is simply no longer true. Everyone should be using Firefox, Brave or Tor instead.

[BitMaxz]

I just check that fake site and it is not working today, and there is no new bad ads if I search Google by keyword "trezor". It seems that Google responded very quickly and banned this account, and owner is just shut down that site.

Google should build in adblock in Chrome, but that makes no sense for them since they sell ads and they want users to see them, regardless whether they are good or bad. They should check every ad before getting permission to show such ad, but we all know that this is something that currently is not an option.

They did remove the site from the ads but there is a new site pop up again on google with the same keyword.



And redirects me to the same website

Code:

trczor[.]io

It seems he have lots of google ads account.

If you guys see another site just keep reporting them to google so that we can reduce trezor users to accidentally click the fake website.

[Krislaw]

I want to buy Trezor and i have online store on my country sell it cheap price, i don't thing so they sell it legit trezor or not,
https://www.tokopedia.com/joyaccs/trezor-the-original-hardware-wallet?refined=true&trkid=f=Ca0000L000P0W0S0Sh,Co0Po0Fr0Cb0_src=search_page=1_ob=23_q=trezor+wallet_po=11_catid=36&lt=/searchproduct%20-%20p3%20-%20product&m_id=16184793

https://www.bukalapak.com/p/komputer/aksesoris-226/aksesoris-lainnya-241/1d92qh3-jual-trezor-the-original-hardware-wallet

How can i now those Trezor are fake or not?, can i updated latest firmware will removed all virus and malware?

[bob123]

How can i now those Trezor are fake or not?, can i updated latest firmware will removed all virus and malware?

You would need to inspect the hardware.

Updating the firmware would remove a malicious firmware, but would not help if it has been tampered with on a hardware basis.

You either need to know which components exactly are required, open the case and check everything.. or you buy it directly from Trezor / their official resellers.

[Pmalek]

They did remove the site from the ads but there is a new site pop up again on google with the same keyword.

If you guys see another site just keep reporting them to google so that we can reduce trezor users to accidentally click the fake website.

I don't get the result you got but I see the following site ad on my end:
www.oystert.tk/Hardware/Wallet‎
I didn't click on the link for safety reasons, I advice others don't click on it either!

@Krislaw
Inspecting the hardware is not an easy task if you don't know what you are doing. Why risk it? Just purchase it from the official site like bob123 suggested.