Trezor phishing scam is in progress

[Pmalek]

Trezor warned its community about an ongoing phishing scam a few hours ago.
According to the company's information, scammers contact users via SMS, email, and even phone. Potential victims are told that their Trezor Suite has been breached and is vulnerable. The scammers probably instruct users to download fake apps to steal their seeds and cryptocurrencies.

- Don't fall for it because it's fake!
- If you are a Trezor user, don't click on unknown links and answer calls from unknown numbers. It's the oldest trick in the book.

Trezor states they have no information about a data breach on their end. We should know more in the next few days if something bad has happened.



If you are a Trezor user, did you receive any emails, SMS, or calls from scammers? 


Source:
https://twitter.com/Trezor/status/1630526933199998977 

[1715614309]

1715614309

[1715614309]

1715614309

[1715614309]

1715614309

[1715614309]

1715614309

[1715614309]

1715614309

[1715614309]

1715614309

[DdmrDdmr]

If you follow the phishing link, it goes on to show the following "warning":

If you then proceed, it the goes and .. surprise .. yep, it asks you for your seed:

It doesn’t really go any further, but it obviously logs whatever you type.


What now remains to be seen is what the actual origin of the data for the phishing campaign is, and whether it is random (but based on a crypto related user list) or specific to Trezor.

Edit:
Another option I was toying around with, is that some data could be originated in one of the prio mailchimp leaks that affected Trezor. Though I believe they mentioned only emails were leaked, it only takes a bit of effort for someone to cross a couple of rough databases by email and start to associate some registers with a phone number in addition to the email.

[dkbit98]

Scammers never sleep  
Few day ago in one of my temporary email addresses I received this two messages from fake Trezor with similar content, but it was obvious to me so I didn't click anything and I permanently deleted both of them.
I think this is not connected with any Trezor leak, but to some other crypto service... so they are using any crypto leak hoping that people are using hardware wallets.

[ajiz138]

I am a Trezor user, although I didn't get any messages from email, SMS, or telephone. If someone asks for the seeds, then obviously it's a fraud, because what we know is that we ourselves have to know the seeds.

I'm pretty sure we see this fraudulent trick often, but when you tell it to other people, especially those who don't follow the official trezor notification, it's quite helpful for those who have this hardware.

It's no wonder that scammers have many ways to carry out their actions, one of which is that we must remain vigilant and never give seeds to anyone.

[Upgrade00]

What now remains to be seen is what the actual origin of the data for the phishing campaign is, and whether it is random (but based on a crypto related user list) or specific to Trezor.

My exact reservations. I don't expect that a random scam attempt would be given such attention as this was and for such a scam to be actually effective, it would have to target actual users of Trezor. I could of course be wrong.

As you pointed out, it could be a previous breach or a more recent one.

[BitMaxz]

It's obviously a phishing attempt look why would Trezor send an SMS? When generating a wallet with Trezor it doesn't require adding a phone number so it's weird that you will receive an SMS from Trezor support. Only Newbies/Dumb can mostly victims of such a scheme.

I never receive an Sms like that or any phishing attempt through Text but I mostly receive SMS from Casino. So it's weird that Trezor will send you like that and another thing you will notice is the domain link they provide which is far from the trezor website

[Sarah Azhari]

If you are a Trezor user, did you receive any emails, SMS, or calls from scammers? 

Just confused about, how the scammer finds our phone number to send SMS and calls. I just received a call several days ago with I don't understand the language from a strange phone number, but I am really sure that he make the offer for me, and I don't interesting to continue his call. So how can I block phone number from outside country?

[Rikafip]

Just confused about, how the scammer finds our phone number to send SMS and calls. I just received a call several days ago with I don't understand the language from a strange phone number, but I am really sure that he make the offer for me, and I don't interesting to continue his call.

This leak doesn't have to be from Trezor, as you might have left your phone number somewhere else and they could have leaked it. It can be an exchange or maybe even from that Ledger leak from few years ago. For that reason its a good idea to get virtual phone number (that costs like few dollars) if you want to register on dodgy websites that ask for your phone number.

So how can I block phone number from outside country?

Same as any other phone number, as you have option for that inside your phone call settings.

[Lucius]

I am not a Trezor user and I can say that so far I have not received any SMS or call, and we can only guess where the scammer got the database from. Maybe it's the Ledger database, maybe someone else, and maybe someone hacked the Trezor database, but they're not even aware of it, or they're still pretending it didn't happen.

~snip~
- Don't fall for it because it's fake!
- If you are a Trezor user, don't click on unknown links and answer calls from unknown numbers. It's the oldest trick in the book.

E-mail is the least dangerous here because most of such messages end up in the spam folder anyway, while SMS and calls are something that is far more unsettling to users and can trick them into taking some reckless action. It is easiest to block calls from unknown numbers or even SMS messages in the same way, but not all such calls or messages are malicious.

[Coyster]

Tbh i know that quite a lot of people can fall victim to this kind of scam, that is why anytime i see something like this i don't see the victims as complete dumbasses, because i know how poor (extremely poor) my personal security was before i became a user on Bitcointalk. That's why the first thing i do once i have a friend who uses crypto is to introduce them to this forum, i think it is going to be extremely difficult for a long time user in this forum to fall for something like this.

This kind of scam is quite popular in my country, but their modus operandi is quite different because they use the traditional banking system as bait: you receive a strange call and the person claims to be a worker in your bank telling you that there's some problem with your account that needs to be solved, the scammer goes ahead to request for the sensitive numbers on your ATM card coupled with other details...whenever i get a call like this i usually toy with the scammer by allowing them waste all their time talking, and when he believes he has gotten to me...i end the call with a resounding "fuck you".

[DdmrDdmr]

The site shown in the OP seems to have been taken down by Namecheap, alongside some other different domain names they’ve been using in this campaign, diversifying domain names being used, I figure, in order to try to stay in the game longer.

See: https://twitter.com/dubstard/status/1630634978110259214

Trezor tweeted that the campaign is allegedly atacking people randomly (see also this and this other tweet), based on what seems to be reports made by people receiving the messages whilst not being Trezor customers. Of course the randomness has a basis of at least probably targeting crypto related people, with data obtained from leaks compiled into databases that are out and about.

[Little Mouse]

SMS, email, and even phone.

That's quite strange! Did Trezor have a data breach, I can't remember? Otherwise, how come they get the phone number? Or hacker is calling some random guy from another crypto-related database?

while SMS and calls are something that is far more unsettling to users and can trick them into taking some reckless action.

SMS is a great way of having someone to click if a message can be sent in the name of an official. I have been tricked by this method and lost $300.

Trezor tweeted that the campaign is allegedly atacking people randomly (see also this and this other tweet), based on what seems to be reports made by people receiving the messages whilst not being Trezor customers. Of course the randomness has a basis of at least probably targeting crypto related people, with data obtained from leaks compiled into databases that are out and about.

My bad, I didn't notice this. That means the hacker is targeting random users in terms of trezor customers but it seems they have stolen any other crypto database. Ridiculous how things going on here.

[Pmalek]

It's obviously a phishing attempt look why would Trezor send an SMS? When generating a wallet with Trezor it doesn't require adding a phone number so it's weird that you will receive an SMS from Trezor support. Only Newbies/Dumb can mostly victims of such a scheme.

People who fall victims to obvious phishing scams like this don't really apply that sort of logic. Otherwise, the things you said would be clear to them as well. Although, you do provide Trezor with a phone number when you order their products. But still, don't expect them to SMS or call every single customer.

[Dave1]

Yes, this is the one of the oldest trick in the book. Funny thing is that even if I don't own a Trezor right now, but for sure even those who don't know are getting this kind of text message so it's an obvious scam.

And as per Trezor itself:

-We will never contact you via calls or SMS.