[Warning] Trezor users are receiving fake emails with phishing links.

[ScamViruS]

Trezor users are also receiving fake emails, Trezor has already tweeted about this and asked all users to stay safe. These activities of scammers have increased in recent times and they are trying to trap Trezor users. Trezor officials have not released any information on whether the scammers were successful in this attempt. So be safe, now if you get any wallet related email you should verify the official information before clicking on any link.

Source : https://twitter.com/Trezor/status/1750223673506558146

[1714486430]

1714486430

[1714486430]

1714486430

[Charles-Tim]

I got the email 4 hours ago:




I easily knew it was fake from the URL link:



I looked for recent Trezor update but I did not see anything like that. Although, I was not expecting it because I knew it was fake from the link.

I am not a Trezor user but I subscribed with an email to their newsletter or something in the past that caused it. This is how this company easily leaking customers email to scammers.

Although, the site was not working when I clicked on it but it is very important for people to avoid the link and not click on it at all.

[Dunamisx]

The best to do as at now is to ensure we make an accurate verification on mails received in claim of the target they have at hand, it could be any other wallet, exchange or platform that could be attacked through their physhing mails, the more reason why we keep emphasizing in that we shouldn't click on any unsolicited link, especially the ones not coming from the official paltforms

[hd49728]

Don't trust all information you received through email. Because if something is big, it will be announced on the website, social media accounts like X, blog and emails.

We must check information in emails with other channels and see is the information in email matches with other sources. If not, it is like the email is a phishing one.

Because you receive the email, you can check your email address with https://haveibeenpwned.com/

If Trezor allows you to change your email address, and if yours was pwned, changing that email address to a new one is helpful.

[General_Bitcoin]

There is no doubt this is troubling time because I also received an email, but good thing happen I not click on this and deleted because through social media I already have few warnings from my social media friends about this all now reading here mean things are not going well sometime back I already lost my skrill account because I have done one mistake and click on one suspicious link which create problems for me and I also lost my $5000 in this account which is now not refundable as skrill blocked my account.

I really appreciate we have this problem here and now many can check emails before clicking links which are creating problems and members are losing their hard-earned money quickly.

[nelson4lov]

Don't trust all information you received through email. Because if something is big, it will be announced on the website, social media accounts like X, blog and emails.

We must check information in emails with other channels and see is the information in email matches with other sources. If not, it is like the email is a phishing one.

Because you receive the email, you can check your email address with https://haveibeenpwned.com/

If Trezor allows you to change your email address, and if yours was pwned, changing that email address to a new one is helpful.

Social media platforms like X is no longer to be trusted these days; even discord. X and Discord feels like the easiest to be compromised these days and it takes just 1 link from a compromise account to screw a lot of users not to mention the influx of scammers on X that appears like the real thing or organization only to be scammers with phishing URLs. I almost feel for one yesterday even though I'm very security conscious. It's a miracle these days not to fall into any of these scams.

The best thing is always to understand context: For instance, why would a hardware wallet provider send updates over an email or X post? Scammers getting very smart, we have to get 2x smarter to stay ahead  

[Churchillvv]

I believe this emails from scammers was prompted by the information of users that was compromised on the 17th of this month which is the hack of Trazor third party.

@Learn bitcoin was right on what he said below. 

Even though they have regained access to their support center, the hacker still has a chance to use email spoofing and send emails to those Trezor users and try various hacking attempts like sending malware and asking them to download, or asking them to use new web portal which could be phishing and numerous more methods they may try. There are still a few percentage of people who might believe those emails and try those things.

Well it's good to let people know about this current situation, I'm not a trazor user but I'm always concern in knowing all this kind of event because in less than no time I will purchasing a hardware wallet and will not want to face this kind of risk using them.

[Dr.Bitcoin_Strange]

Last two weeks, similar emails were flying around for trust wallet users, and I don't think there was any news by the trust wallet developers to warn their customers of such a threat, or they probably were not aware of such phishing mail to their customers.

This is really a great update for those using Trezor wallets, and it really would prevent some people from falling victim. That was also how a thread was created last week regarding the phishing email that TrustWallet users are receiving.

Scammers are really upgrading their strategies all the time, and it is also necessary for us all to be alert. Don't respond to emails that you are not expecting; even if you have to, make sure that the information on the mail is accurate and coming from the right source.

[examplens]

I'm not sure who takes care of emails in the Trezor, but a similar thing happened with several other services, at least those who said so publicly, CoinTelegraph, WalletConnect, Token Terminal, and De.Fi.
It is a hack of the MailerLite service, an infected computer of an employee (who's trying to execute an infected software) with accesses to sensitive URLs within MailerLite and its third parties.

https://www.infostealers.com/article/mailerlite-hack-leads-to-massive-cryptocurrency-theft-an-exploit-or-an-infostealer-infection/
https://cointelegraph.com/news/how-it-all-went-down-web3-protocol-mass-phishing-campaign-timeline

[hd49728]

Social media platforms like X is no longer to be trusted these days; even discord. X and Discord feels like the easiest to be compromised these days

I knew risk of social media and if we only rely on social media accounts for important information, it is wrong at the start. It's only time when nightmare will come with us.

You see, I recommended in my post that visit the official website is a first step, then social media. Or you can follow those services' social media accounts, just to get notifications. After that, you must verify those notification information by visiting official websites.

it takes just 1 link from a compromise account to screw a lot of users not to mention the influx of scammers on X that appears like the real thing or organization only to be scammers with phishing URLs. I almost feel for one yesterday even though I'm very security conscious. It's a miracle these days not to fall into any of these scams.

People only need to have basic knowledge to protect themselves from scammers. Sometimes they have knowledge but carelessness and greediness harm them.

Discord & scammers. Check user IDs and user colors of strangers send you PMs

[paid2]

I'm surprised at how little noise this is making when you compare it to the same situation Ledger experienced a few years ago. It's strange how different the media and the community as a whole reacted in both situation Ledger/Trezor, which are almost the same (a leak/hack of their customers database).

In any case, you have to be careful and not use your personal data when ordering a hardware wallet. I'm glad I didn't use my personal details when I ordered my Ledger back then, and my Trezor last year. 66,000 doxxed users is not nothing.

[Darker45]

Reading some comments here, it seems that the news stating that the breach only gained access to their support ticket database is wrong. Some users who got the phishing email aren't even Trezor users. They didn't contact Trezor support either.

Anyway, the key is to never reveal seed phrases to anybody, even if that person claims to be an official staff of Trezor, even if that is an official email or that is a communication coming from a verified social media account of Trezor.

There are already those who clicked on the phishing link. Lucky for them, the link itself is harmless. It's the form where the link leads to that is vital. It asks for the seed phrase.

[BABY SHOES]

I just found out today's news because I don't always monitor X trezor on a scale but this time I was surprised that there was a phishing attack that had been compromised.

But so far I did not receive any email about this or upgrading the firmware and I will not believe it if it is not wrong, of course I will always be careful in this matter even though it comes seemingly from trezor email but should be more sure at X official or original website.

Yes the most important thing is don't give the seed phrase to anyone unless only you know.

[lovesmayfamilis]

Reading some comments here, it seems that the news stating that the breach only gained access to their support ticket database is wrong. Some users who got the phishing email aren't even Trezor users. They didn't contact Trezor support either.

Anyway, the key is to never reveal seed phrases to anybody, even if that person claims to be an official staff of Trezor, even if that is an official email or that is a communication coming from a verified social media account of Trezor.

There are already those who clicked on the phishing link. Lucky for them, the link itself is harmless. It's the form where the link leads to that is vital. It asks for the seed phrase.

That's right. Fraudsters send such letters even to those who are not at all connected to crypto. These email addresses were probably either purchased somewhere or hacked. Therefore, there is often talk about limiting the publication of your email wherever it is proposed to do so. At least secure your email addresses, which may be very important to you.

[_act_]

If Trezor allows you to change your email address, and if yours was pwned, changing that email address to a new one is helpful.

How is it going to be helpful? So that hackers will later know the email again and start sending phishing messages. The best is to unsubscribe from the newsletter. You can unsubscribe from the email messages. All what that you will do is to scroll down the email message and you will see unsubscribe, click on it and do not receive email from the again. They are careless with people's email.

[Zaguru12]

How is it going to be helpful? So that hackers will later know the email again and start sending phishing messages. The best is to unsubscribe from the newsletter. You can unsubscribe from the email messages. All what that you will do is to scroll down the email message and you will see unsubscribe, click on it and do not receive email from the again. They are careless with people's email.

Deactivating the newsletter will be ok but that won’t stop this kind of phishing attack because it doesn’t seems like some of these people actually gets this emails from the likes of Trezor it self because some others that received the mail aren’t even Trezor users and there are also other wallets too that are currently warning their users too about the attack, so this doesn’t seem like a Trezor issue only but definitely the newsletter deactivation will be ok but wouldn’t solve the problem.

I'm surprised at how little noise this is making when you compare it to the same situation Ledger experienced a few years ago. It's strange how different the media and the community as a whole reacted in both situation Ledger/Trezor, which are almost the same (a leak/hack of their customers database).

Its simple one has already gotten a very bad reputation already from the day they brought that recovery process which didn’t seemed welcomed at all to the community and after then they have been facing so many challenges of phishing attacks and as such whenever the company faces any again it causes uproar because many people have been warning against the use of it, so they quickly spread information to back up their claims. It’s nothing new Ledger is already at the center stage of this all and I don’t think they will ever get that reputation back ever again

[Lida93]

But so far I did not receive any email about this or upgrading the firmware and I will not believe it if it is not wrong, of course I will always be careful in this matter even though it comes seemingly from trezor email but should be more sure at X official or original website.

Yes the most important thing is don't give the seed phrase to anyone unless only you know.

Not just you mate even some other trezor users didn't receive the phishing message which could mean that the messages were sent randomly to the trezor users. From what I read on their official account on X they advise their users to delete the messages and we should stay vigilant for phishing attempts but one thing is that they didn't tell us how we are to stay stay vigilant so based on this, unsubscribing from their newsletter/email messages is the safer option right now, because from all what hàs happened it's obvious trezor can't guarantee absolutely security and privacy  of users data away from hackers/leak leading to phishing attack on users.

And for users we should be keen to taking steps to verify the genuineness of messages we receive if they are actually from the right source before doing whatever the message is requiring from us so that we don't out of laziness to verify from other sources fall victim to scam.

I think what trezor needs to do now to reassure users is to find out what led to this attack or leak and deal with the problem against repeating in the future. Just a warning isn't enough.

[Davidvictorson]

One of my friends who works in IT sometime ago told me that email is essentially more dangerous than it is useful. And with all the phishing scams that has been perpetrated via emails, I couldn't agree more. If my memory serves me correctly, I know that there has been Binance, Coinbase, and now Trezor phishing scam via emails.

Glad that Thymos may have thought about this and didn't make the use of email to register on the forum mandatory.

Reading a sample of the email sent to Trezor users  in the OP, we can perceive the sense of urgency and those who may have fallen victims to it happened because they first freaked out and at that point, they lost focus as well as their ability to spot the warning signs.

These are indeed old tricks that people should be aware of but are not. I think that these companies should do more in educating their customers on how to identify phishing emails. It is more cost effective than fixing the problem when it has already happened.

[FatFork]

If Trezor allows you to change your email address, and if yours was pwned, changing that email address to a new one is helpful.

How is it going to be helpful? So that hackers will later know the email again and start sending phishing messages. The best is to unsubscribe from the newsletter. You can unsubscribe from the email messages. All what that you will do is to scroll down the email message and you will see unsubscribe, click on it and do not receive email from the again. They are careless with people's email.

The only way this can be helpful is that you will then know that any emails that continue to arrive at the old address, and present themselves as if they are from Trezor, are potential phishing scams. On the other hand, you will still be able to receive new official announcements to your new address. Of course, this will also potentially expose your new address to a future leak, should there be any.

[Learn Bitcoin]

@Learn bitcoin was right on what he said below. 

Even though they have regained access to their support center, the hacker still has a chance to use email spoofing and send emails to those Trezor users and try various hacking attempts like sending malware and asking them to download, or asking them to use new web portal which could be phishing and numerous more methods they may try. There are still a few percentage of people who might believe those emails and try those things.

This was my basic assumption. If hackers get a list of specific service users, I am sure they will try to trick them. Approx 66000 users' data were leaked from the hack. But, how many of them are aware that their data has been stolen? Almost 90% of them don't know that their data has been stolen and they may face some critical threats. This is unfortunate. Even though Trezor started to give warnings to their users, yet there will be users who may fall for those phishing scams.

Well it's good to let people know about this current situation, I'm not a trazor user but I'm always concern in knowing all this kind of event because in less than no time I will purchasing a hardware wallet and will not want to face this kind of risk using them.

You should have some basic understanding of how social engineering works and how phishing works. When a user open their wallet for the first time, it says never share your seed phrase and the private key with anyone. That include Trezor or any other wallet providers as well.