Bitcoin Forum
April 06, 2020, 12:10:30 PM *
Author Topic: [WARNING] PHISHING - Trezor Typosquatting Domain  (Read 133 times)
masulum
February 12, 2020, 12:49:18 PM
Merited by OgNasty (2), taufik123 (1), iasenko (1), DdmrDdmr (1), Husna QA (1)
 #1

Be careful when you are typing a website domain. One typo can make you lose your assets. I found some typosquatting domains for Trezor. When you type

Code:
trezpr.io (167.114.220.88)
trezoe.io (167.114.220.88)
trezot.io (167.114.220.88)
trezr.io (167.114.220.88)
trezer.io (167.114.220.88)
trezort.io (167.114.220.88)
trwzor.io (167.114.220.88)
terzor.io (167.114.220.88)
teezor.io (167.114.220.88)
tezor.io (167.114.220.88)
yrezor.io (167.114.220.88)
rezor.io (167.114.220.88)

you will be redirected to:

trezor.us

Some Domain information:
Code:
Domain Name: TREZPR.IO
Registry Domain ID: D503300001183080702-LRMS
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: http://www.namesilo.com
Updated Date: 2020-02-05T02:46:02Z
Creation Date: 2020-02-05T02:36:11Z
Registry Expiry Date: 2021-02-05T02:36:11Z

Domain Name: TREZOE.IO
Registry Domain ID: D503300001183080700-LRMS
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: http://www.namesilo.com
Updated Date: 2020-02-05T21:56:51Z
Creation Date: 2020-02-05T02:36:08Z
Registry Expiry Date: 2021-02-05T02:36:08Z


Domain Name: trezor.us
Registry Domain ID: D981FBFD3B7FE46AEB0383A809C5D235C-NSR
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: www.namesilo.com
Updated Date: 2020-02-10T20:40:52Z
Creation Date: 2020-02-06T07:18:09Z
Registry Expiry Date: 2021-02-06T07:18:09Z

Domain Name: TREZOT.IO
Registry Domain ID: D503300001183080701-LRMS
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: http://www.namesilo.com
Updated Date: 2020-02-05T21:56:55Z
Creation Date: 2020-02-05T02:36:09Z
Registry Expiry Date: 2021-02-05T02:36:09Z

Website screenshot:


REAL TREZOR WEBSITE
https://trezor.io/

brianddk
February 13, 2020, 03:51:06 AM
 #2

As the Reddit thread suggests, add these sites to a hosts file or ask Pi-hole to catch them. You can also do a bit of study of how SSL works. All these sites have a "Let's Encrypt" SSL cert, whereas the official Trezor wallet sites have certs issued by "Amazon". If you want to offload the work, you can always look the sites up on Alexa.

https://www.alexa.com/siteinfo/trezor.us <== Phishing sites have poor rank

https://www.alexa.com/siteinfo/trezor.io <== Real sites are well ranked

If you want to offload even more, you can use the Alexa Traffic Rank plugin, but that will harvest a lot of browsing data unless you tweak the settings. The plugin is nice since you have a very visual indicator as to whether the site is well ranked (legit) or poorly ranked (phish).
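
As an added example (not part of the post above or of the thread), this Python sketch classifies each domain reported in the first post by the single edit that separates it from trezor.io and emits hosts-file sinkhole lines for the hosts-file approach mentioned above. The 0.0.0.0 sink address, the US QWERTY adjacency table and the function names are assumptions of this example.

```python
# Added example, not code from the thread. Domain names are copied from post #1.
LEGIT = "trezor.io"
REPORTED = ["trezpr.io", "trezoe.io", "trezot.io", "trezr.io", "trezer.io",
            "trezort.io", "trwzor.io", "terzor.io", "teezor.io", "tezor.io",
            "yrezor.io", "rezor.io", "trezor.us"]
QWERTY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]  # assumption: US layout

def adjacent(a, b):
    """True if a and b sit next to each other on one QWERTY row."""
    return any(a in row and b in row and abs(row.index(a) - row.index(b)) == 1
               for row in QWERTY_ROWS)

def classify(domain, legit=LEGIT):
    """Name the single edit that turns `legit` into `domain`, else None."""
    label, _, tld = domain.lower().rstrip(".").partition(".")
    brand, _, legit_tld = legit.partition(".")
    if label == brand:
        return None if tld == legit_tld else "tld-swap"
    if tld != legit_tld:
        return None  # label and TLD both differ: not a single edit
    n, m = len(label), len(brand)
    if n == m:
        diff = [i for i in range(m) if label[i] != brand[i]]
        if len(diff) == 1:
            i = diff[0]
            return "adjacent-key" if adjacent(label[i], brand[i]) else "substitution"
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and label[diff[0]] == brand[diff[1]]
                and label[diff[1]] == brand[diff[0]]):
            return "transposition"
    elif n == m - 1 and any(brand[:i] + brand[i + 1:] == label for i in range(m)):
        return "omission"
    elif n == m + 1 and any(label[:i] + label[i + 1:] == brand for i in range(n)):
        return "insertion"
    return None

def hosts_entries(domains, sink="0.0.0.0"):
    """hosts-file lines that sinkhole every domain one edit away from LEGIT."""
    lines = []
    for d in domains:
        kind = classify(d)
        if kind:
            lines.append(f"{sink} {d.lower()}  # {kind}")
    return lines

if __name__ == "__main__":
    print("\n".join(hosts_entries(REPORTED)))
```

The same `classify` check can be run over resolver or proxy logs to flag look-alike names that are not yet on any blocklist.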
mk4
February 13, 2020, 04:34:45 AM
Merited by OgNasty (1)
 #3

Took a look at the scam site just for curiosity's sake, and.. yea. Not even surprised in the slightest.

This is a reminder that if you own a decently big business (especially concerning finance), it would be heavily beneficial to also purchase the typo-domains (at least the close ones like trezoe/trezpr) to protect your users.

minairia3
Sr. Member
****
Offline Offline

Activity: 770
Merit: 262



View Profile
February 13, 2020, 04:52:19 AM
 #4

Be careful when you are typing a website domain. One typo can make you lose your assets. I found some typosquatting domains for Trezor. When you type

A typo is an inevitable mistake, I believe, but does this really make you lose your funds right away just by clicking? Normally a virus site pinpoints you directly to another browser and that's where the stealing of info begins. But how long before they can gain access to your files when you have already closed the fake browser?

I don't own a Trezor, but this kind of fill-up form is literally an obvious scam. What the hell, why would the user need to confirm their phrase so the data will not be corrupted and damaged? Pretty lame to fall for the likes of this scheme.

masulum
February 13, 2020, 05:11:41 AM
 #5

This is a reminder that if you own a decently big business (especially concerning finance), it would be heavily beneficial to also purchase the typo-domains (at least the close ones like trezoe/trezpr) to protect your users.

I agree with you, many companies buy several domains to save their customers from scams or phishing caused by typos. trezoe and trezpr are the most potential typos made by users; if Trezor buys these domains too, it will save a lot of users.

A typo is an inevitable mistake, I believe, but does this really make you lose your funds right away just by clicking? Normally a virus site pinpoints you directly to another browser and that's where the stealing of info begins. But how long before they can gain access to your files when you have already closed the fake browser?

Phishing wouldn't make us lose our money just by clicking, but it will if a member logs in on these sites with their credentials, such as private key and passphrase, and the phishing site owner can duplicate that key and password. Once he/she has duplicated the user's credentials, it's easy for him/her to steal the user's money.

minairia3
February 13, 2020, 06:53:54 AM
 #6


Phishing wouldn't make us lose our money just by clicking, but it will if a member logs in on these sites with their credentials, such as private key and passphrase, and the phishing site owner can duplicate that key and password. Once he/she has duplicated the user's credentials, it's easy for him/her to steal the user's money.

I see, maybe I'm just thinking of a super efficient hacking approach that could easily plant some virus that could automatically steal our funds within just a short period of time by clicking and browsing on their fake site. Anyway, thanks for the heads-up about these typos. I'm sure those who have a Trezor would always check the security, because with this list it is kinda scary to use a search engine and just click what you're looking for. Maybe always bookmarking is the best way, at least.

20kevin20
February 13, 2020, 08:46:29 AM
 #7

I don't own a Trezor, but this kind of fill-up form is literally an obvious scam. What the hell, why would the user need to confirm their phrase so the data will not be corrupted and damaged? Pretty lame to fall for the likes of this scheme.

Very easy trap for newbies, maybe even for intermediate users.

Most wallets require you to rewrite the seed after saving it in order to make sure it's the correct one. It's easy to mistake that assurance step for this one.

mk4
February 14, 2020, 02:30:08 AM
 #8

Very easy trap for newbies, maybe even for intermediate users.

Most wallets require you to rewrite the seed after saving it in order to make sure it's the correct one. It's easy to mistake that assurance step for this one.

If a person thinks of him/herself as an "intermediate user" and gets scammed by voluntarily handing over his/her wallet's backup phrase, I don't think he/she deserves the title "intermediate user". There's a big difference between storing the keys for yourself and handing them over to a central authority, regardless of who that central authority is.
