Bitcoin Forum
Author Topic: [WARNING] PHISHING - Trezor Typosquatting Domain  (Read 215 times)
masulum (OP)
February 12, 2020, 12:49:18 PM
Merited by OgNasty (2), taufik123 (1), DdmrDdmr (1), Husna QA (1), TheBeardedBaby (1)
 #1

Be careful when you are typing a website domain. One typo can make you lose your assets. I found some typosquatting domains for Trezor. When you type

Code:
trezpr.io (167.114.220.88)
trezoe.io (167.114.220.88)
trezot.io (167.114.220.88)
trezr.io (167.114.220.88)
trezer.io (167.114.220.88)
trezort.io (167.114.220.88)
trwzor.io (167.114.220.88)
terzor.io (167.114.220.88)
teezor.io (167.114.220.88)
tezor.io (167.114.220.88)
yrezor.io (167.114.220.88)
rezor.io (167.114.220.88)

you will be redirected to:

trezor.us

Some Domain information:
Code:
Domain Name: TREZPR.IO
Registry Domain ID: D503300001183080702-LRMS
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: http://www.namesilo.com
Updated Date: 2020-02-05T02:46:02Z
Creation Date: 2020-02-05T02:36:11Z
Registry Expiry Date: 2021-02-05T02:36:11Z

Domain Name: TREZOE.IO
Registry Domain ID: D503300001183080700-LRMS
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: http://www.namesilo.com
Updated Date: 2020-02-05T21:56:51Z
Creation Date: 2020-02-05T02:36:08Z
Registry Expiry Date: 2021-02-05T02:36:08Z


Domain Name: trezor.us
Registry Domain ID: D981FBFD3B7FE46AEB0383A809C5D235C-NSR
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: www.namesilo.com
Updated Date: 2020-02-10T20:40:52Z
Creation Date: 2020-02-06T07:18:09Z
Registry Expiry Date: 2021-02-06T07:18:09Z

Domain Name: TREZOT.IO
Registry Domain ID: D503300001183080701-LRMS
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: http://www.namesilo.com
Updated Date: 2020-02-05T21:56:55Z
Creation Date: 2020-02-05T02:36:09Z
Registry Expiry Date: 2021-02-05T02:36:09Z

Website screenshot:


REAL TREZOR WEBSITE
https://trezor.io/

brianddk
February 13, 2020, 03:51:06 AM
 #2

As the Reddit thread suggests, add these sites to a hosts file or ask Pi-hole to catch them. You can also do a bit of study of how SSL works. All these sites have a "Let's Encrypt" SSL cert, whereas the official Trezor wallet sites have certs issued by "Amazon". If you want to offload the work, you can always look the sites up on Alexa.

https://www.alexa.com/siteinfo/trezor.us <== Phishing sites have poor rank

https://www.alexa.com/siteinfo/trezor.io <== Real sites are well ranked

If you want to offload even more you can use the Alexa Traffic Rank plugin, but that will harvest a lot of browsing data unless you tweak the settings. The plugin is nice since you have a very visual indicator as to whether the site is well ranked (legit) or poorly ranked (phish).
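
Added example (not part of any post in this thread): a short Python script that names the single typing error behind each domain in the first post's list and emits hosts-file lines of the kind suggested above. The QWERTY neighbour table, the function names and the `0.0.0.0` sink address are assumptions of this example.

```python
from typing import Optional

# QWERTY neighbours for the letters of "trezor" (table assumed for this example).
ADJACENT = {"t": "rygf56", "r": "etdf45", "e": "wrsd34", "z": "asx", "o": "ipkl90"}

def classify(brand: str, cand: str) -> Optional[str]:
    """Name the single typing error that turns `brand` into `cand`, else None."""
    if len(cand) == len(brand) - 1:
        if any(brand[:i] + brand[i + 1:] == cand for i in range(len(brand))):
            return "omission"
    elif len(cand) == len(brand) + 1:
        if any(cand[:i] + cand[i + 1:] == brand for i in range(len(cand))):
            return "insertion"
    elif len(cand) == len(brand):
        diff = [i for i, (a, b) in enumerate(zip(brand, cand)) if a != b]
        if len(diff) == 1:
            i = diff[0]
            near = cand[i] in ADJACENT.get(brand[i], "")
            return "adjacent-key" if near else "substitution"
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and brand[diff[0]] == cand[diff[1]]
                and brand[diff[1]] == cand[diff[0]]):
            return "transposition"
    return None

def classify_domain(domain: str, real: str = "trezor.io") -> Optional[str]:
    """Classify a registrable domain against the real one; a TLD change counts too."""
    label, _, tld = domain.lower().partition(".")
    real_label, _, real_tld = real.partition(".")
    if label == real_label:
        return None if tld == real_tld else "tld-swap"
    return classify(real_label, label)

def hosts_entries(domains, real: str = "trezor.io"):
    """Build hosts-file lines that sink every recognised look-alike."""
    out = []
    for d in domains:
        kind = classify_domain(d, real)
        if kind:
            out.append(f"0.0.0.0 {d.lower()}  # {kind} of {real}")
    return out

# Domains as listed in the first post, plus the real site for contrast.
REPORTED = ["trezpr.io", "trezoe.io", "trezot.io", "trezr.io", "trezer.io",
            "trezort.io", "trwzor.io", "terzor.io", "teezor.io", "tezor.io",
            "yrezor.io", "rezor.io", "trezor.us", "trezor.io"]

if __name__ == "__main__":
    print("\n".join(hosts_entries(REPORTED)))
```

Every domain in the list is exactly one typing error (or one TLD change) away from the real name, so the script sinks all thirteen look-alikes and leaves trezor.io untouched.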
mk4
February 13, 2020, 04:34:45 AM
Merited by OgNasty (2)
 #3

Took a look at the scam site just for curiosity's sake, and.. yea. Not even surprised in the slightest.



This is a reminder that if you own a decently big business (especially concerning finance), it would be heavily beneficial to also purchase the typo-domains (at least the close ones like trezoe/trezpr) to protect your users.

minairia3
February 13, 2020, 04:52:19 AM
 #4

Quote from: masulum on February 12, 2020, 12:49:18 PM
Be careful when you are typing a website domain. One typo can make you lose your assets. I found some typosquatting domains for Trezor. When you type

A typo is an inevitable mistake, I believe, but does this really make you lose your funds right away just by clicking? Normally a virus site pinpoints you directly to another browser, and that's where the stealing of info begins. But how long before they can gain access to your files when you have already closed the fake browser?




I don't own a Trezor, but this kind of fill-up form is literally an obvious scam. What the hell, why would the user need to confirm their phrase so the data will not be corrupted and damaged? Pretty lame to fall for the likes of this scheme.



masulum (OP)
February 13, 2020, 05:11:41 AM
 #5

Quote from: mk4 on February 13, 2020, 04:34:45 AM
This is a reminder that if you own a decently big business (especially concerning finance), it would be heavily beneficial to also purchase the typo-domains (at least the close ones like trezoe/trezpr) to protect your users.

I agree with you; many companies buy several domains to save their customers from scams or phishing caused by typos. trezoe and trezpr are the most likely typos made by users; if Trezor bought these domains too, it would save a lot of users.


Quote from: minairia3 on February 13, 2020, 04:52:19 AM
A typo is an inevitable mistake, I believe, but does this really make you lose your funds right away just by clicking? Normally a virus site pinpoints you directly to another browser, and that's where the stealing of info begins. But how long before they can gain access to your files when you have already closed the fake browser?

Phishing wouldn't make us lose our money just by clicking, but it will if a member logs in on these sites with their credentials, such as private key and passphrase, and the phishing site owner can duplicate that key and password. Once he has duplicated the user's credentials, it's easy for him/her to steal the user's money.

minairia3
February 13, 2020, 06:53:54 AM
 #6


Quote from: masulum on February 13, 2020, 05:11:41 AM
Phishing wouldn't make us lose our money just by clicking, but it will if a member logs in on these sites with their credentials, such as private key and passphrase, and the phishing site owner can duplicate that key and password. Once he has duplicated the user's credentials, it's easy for him/her to steal the user's money.

I see. Maybe I'm just thinking of a super-efficient hacking approach that could easily plant some virus that could automatically steal our funds within a short period of time just by clicking and browsing on their fake site. Anyway, thanks for the heads-up about these typos. I'm sure those who have a Trezor will always check the security, because with this list it's kind of scary to use a search engine and just click what you're looking for. Maybe always using a bookmark is the best way, at least.



20kevin20
February 13, 2020, 08:46:29 AM
 #7

Quote from: minairia3 on February 13, 2020, 04:52:19 AM
I don't own a Trezor, but this kind of fill-up form is literally an obvious scam. What the hell, why would the user need to confirm their phrase so the data will not be corrupted and damaged? Pretty lame to fall for the likes of this scheme.

Very easy trap for newbies, maybe even for intermediate users.

Most wallets require you to rewrite the seed after saving it in order to make sure it's the correct one. It's easy to mistake that assurance step for this one.
mk4
February 14, 2020, 02:30:08 AM
 #8

Quote from: 20kevin20 on February 13, 2020, 08:46:29 AM
Very easy trap for newbies, maybe even for intermediate users.

Most wallets require you to rewrite the seed after saving it in order to make sure it's the correct one. It's easy to mistake that assurance step for this one.

If a person thinks of him/herself as an "intermediate user" and gets scammed by voluntarily handing over his/her wallet's backup phrase, I don't think he/she deserves the title "intermediate user". :P There's a big difference between storing the keys yourself and handing them over to a central authority, regardless of who that central authority is.
