Another Trezor Scam Attempt!

[dkbit98]

Word of warning to everyone who is using Trezor devices, watch out for new wave of scam attempts!
I just received email that I should update my Trezor and ''enhance my security with secure ease''.
Luckily I learned my lesson long timr ago and I don't click any links, even if they are legit, before I check them.

This is the hidden website I was redirected to go:

Code:

lap-log.com

You can see it was created by someone from Jakarta, Indonesia:

Code:

Domain Name: LAP-LOG.COM
Registry Domain ID: 2035734747_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.resellerid.com
Registrar URL: www.resellerid.com
Updated Date: 2024-04-30T04:31:34Z
Creation Date: 2016-06-16T05:30:03Z
Registrar Registration Expiration Date: 2025-06-16T05:30:03Z
Registrar: PT Ardh Global Indonesia
Registrar IANA ID: 1503
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: LAP
Registrant Organization: LAP
Registrant Street: Plasa Pasifik Kelapa Gading   
Registrant City: Jakarta Barat
Registrant State/Province: Jakarta
Registrant Postal Code: 15122
Registrant Country: ID
Registrant Phone: +62.8568410111
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: email@yahoo.com
Registry Admin ID: Not Available From Registry
Admin Name: LAP
Admin Organization: LAP
Admin Street: Plasa Pasifik Kelapa Gading  
Admin City: Jakarta Barat
Admin State/Province: Jakarta
Admin Postal Code: 15122
Admin Country: ID
Admin Phone: +62.8568410111
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email: email@yahoo.com
Registry Tech ID: Not Available From Registry
Tech Name: LAP
Tech Organization: LAP
Tech Street: Plasa Pasifik Kelapa Gading  
Tech City: Jakarta Barat
Tech State/Province: Jakarta
Tech Postal Code: 15122
Tech Country: ID
Tech Phone: +62.8568410111
Tech Phone Ext: 
Tech Fax: 
Tech Fax Ext: 
Tech Email: email@yahoo.com
Name Server: ns1.houseofbran.com
Name Server: ns2.houseofbran.com
DNSSEC: Unsigned
Registrar Abuse Contact Email: email@resellerid.com
Registrar Abuse Contact Phone: +62215384398

https://www.whois.com/whois/lap-log.com

This is the content of phsihing email I received from fake trezor, and it came from email address secureeasy@no-reply.aplicant.ch




Don't fall for stupid scam like this, don't blindly click link, and only update Trezor from official sources.

[Ojima-ojo]

Word of warning to everyone who is using Trezor devices, watch out for new wave of scam attempts!
I just received email that I should update my Trezor and ''enhance my security with secure ease''.
Luckily I learned my lesson long timr ago and I don't click any links, even if they are legit, before I check them.

The thing is if you verify the email you will discover that that message is not from Trezor's official email also we need to be constantly on the lookout for phishing emails to I don't reply to emails if I don't request for it, to be at the safer side, a lot of time, many that fall for this kind of scam did not do their due diligence checks and their lack the knowledge to spot the red flags just like you did.


Thank you for bringing this up here!

[un_rank]

The email address is such a big teller in this case, I wonder if there are actually people who can fall for a scam like this.

It always helps to stop, take a breath and think before you act. Acting in a haste will very likely lead you to make a mistake and can lead to losses.

- Jay -

[batang_bitcoin]

This scam attempt also happens in Ledger users, I think the same tactic is being done and they want the users of both hardware wallets to direct into the phishing site that they are attaching at that email. If someone is new and have read this kind of message, they'll blindly click it and more likely to input the seeds that they'll ask through that link. If there is no form, they might require victims to download malware.
Thanks for this reminder OP.

The email address is such a big teller in this case, I wonder if there are actually people who can fall for a scam like this.

Sadly there will still be victims of it and that's why they never stop in attempting.

[promise444c5]

The email address is such a big teller in this case, I wonder if there are actually people who can fall for a scam like this.

Sure there would, he knew just from experience(as he mentioned above) and he has the knowledge about it, what about someone with just basic knowledge of just holding Bitcoin On their HW wallets.
Good that he is  creating the awareness because the template design looks pretty much convincing at first glance, I don't know how trezor email templates  looks like but they must have tried to immitate  it... the sent out could even be in bulks, hopefully this save someone.

[Davidvictorson]

The email address is such a big teller in this case, I wonder if there are actually people who can fall for a scam like this.

The sense of urgency in the email is a factor that will make people fall for the scam. Another factor is that people don't read to understand so they miss the details and so fall for the scam.

It always helps to stop, take a breath and think before you act. Acting in a haste will very likely lead you to make a mistake and can lead to losses.

Thinking before the actual act is the hardest thing to do in that instance. It seems people just lose their sense of thinking and they feel like at that moment they are in competition with other people to click on the link first to get some reward and this is also what leads to losses as well.

[dkbit98]

The email address is such a big teller in this case, I wonder if there are actually people who can fall for a scam like this.

Sure they can, or they would not release new scams all the time.
They intentionally used this email address because they included the same words into trezor page as part of their service.
I saw scammers using punnycodes and making very similar domains and emails, so they are trying different things to scam people.

[libert19]

'dear user' is red flag. Although, writing is pretty decent compared to usual scam mails.

By the way, what are you asked to do upon clicking link? Are you asked to enter seed? Couple years ago, I followed one such mail and it dawned me only later that it was phishing mail when it asked me to enter seed.

[Judith87403]

Word of warning to everyone who is using Trezor devices, watch out for new wave of scam attempts!
I just received email that I should update my Trezor and ''enhance my security with secure ease''.
Luckily I learned my lesson long timr ago and I don't click any links, even if they are legit, before I check them.

This is the hidden website I was redirected to go:

Code:

lap-log.com

You can see it was created by someone from Jakarta, Indonesia:

Code:

Domain Name: LAP-LOG.COM
Registry Domain ID: 2035734747_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.resellerid.com
Registrar URL: www.resellerid.com
Updated Date: 2024-04-30T04:31:34Z
Creation Date: 2016-06-16T05:30:03Z
Registrar Registration Expiration Date: 2025-06-16T05:30:03Z
Registrar: PT Ardh Global Indonesia
Registrar IANA ID: 1503
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: LAP
Registrant Organization: LAP
Registrant Street: Plasa Pasifik Kelapa Gading   
Registrant City: Jakarta Barat
Registrant State/Province: Jakarta
Registrant Postal Code: 15122
Registrant Country: ID
Registrant Phone: +62.8568410111
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: email@yahoo.com
Registry Admin ID: Not Available From Registry
Admin Name: LAP
Admin Organization: LAP
Admin Street: Plasa Pasifik Kelapa Gading  
Admin City: Jakarta Barat
Admin State/Province: Jakarta
Admin Postal Code: 15122
Admin Country: ID
Admin Phone: +62.8568410111
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email: email@yahoo.com
Registry Tech ID: Not Available From Registry
Tech Name: LAP
Tech Organization: LAP
Tech Street: Plasa Pasifik Kelapa Gading  
Tech City: Jakarta Barat
Tech State/Province: Jakarta
Tech Postal Code: 15122
Tech Country: ID
Tech Phone: +62.8568410111
Tech Phone Ext: 
Tech Fax: 
Tech Fax Ext: 
Tech Email: email@yahoo.com
Name Server: ns1.houseofbran.com
Name Server: ns2.houseofbran.com
DNSSEC: Unsigned
Registrar Abuse Contact Email: email@resellerid.com
Registrar Abuse Contact Phone: +62215384398

https://www.whois.com/whois/lap-log.com

This is the content of phsihing email I received from fake trezor, and it came from email address secureeasy@no-reply.aplicant.ch




Don't fall for stupid scam like this, don't blindly click link, and only update Trezor from official sources.

Thank you so much for your information is actually a nice one, More especially for those that start using the internet recently we need to be extremely careful so as to avoid being a victim to them. Of course clicking an unknown link is very risky because their are some links you will click probably after clicking the Link you will start experience some difficulties in login in your account, I have seen it happening countless time.

And also being careful with the kind of site we join that will involve putting our email because thier intention might be just to get access to our email which is why we need to be very careful with those malicious site.

[Saint-loup]

Fortunately, the phishing website  doesn't seem to be online anymore. Anyway it would be interesting to know how they've been able to get OP's email and how they've been able to know he was using a Trezor hardwallet. Is it a breach from Trezor or they've been able to guess from other sources of informations? Anwyway it's concerning for other Trezor's customers.

[un_rank]

... Anyway it would be interesting to know how they've been able to get OP's email and how they've been able to know he was using a Trezor hardwallet. Is it a breach from Trezor or they've been able to guess from other sources of informations?

There was a phishing attack affecting Trezor some months back which led to potential email leaks of thousands of users and that would have been sold repeatedly in the black market and could be the reason why Op got that mail. It could also be a random email to lots of people with the hope that some of them will be Trezor users.

- Jay -

[BitMaxz]

Newbies are easy to fall into this kind of phishing attack if I am the one who receive it first thing that I need to check is the email who sent it.

On the first glance in the email "secureeasy@no-reply.aplicant.ch" it shows that it came from an unknown source, meaning that is the first red flag and the second red flag is by checking the link or the site; if ever, just copy the link from the email and then use a redirect checker, or WhereGoes should provide you details where it will go if it redirects to an unknown site that's a red flag.

I tried to check this email, and according to Google, .ch domain are officially domains of Switzerland, so maybe the info from the site is fake and the scammer is not living in Jakarta but in Switzerland. What do you think?

I got the same thing when trying to access it using browsling it seems they changed something on the backend, or maybe the site is accessible only in selected countries only?

[dkbit98]

Fortunately, the phishing website  doesn't seem to be online anymore. Anyway it would be interesting to know how they've been able to get OP's email and how they've been able to know he was using a Trezor hardwallet. Is it a breach from Trezor or they've been able to guess from other sources of informations? Anwyway it's concerning for other Trezor's customers.

I used one of my temp email addresses just for receiving news and updates from Trezor newsletter, so this is not connected with my personal information at all.
It's interesting that few days ago I also received email from official Trezor about canceling my purchase of their new Freedom Edition device, even if never actually tried to make that purchase.

[Aanuoluwatofunmi]

I used one of my temp email addresses just for receiving news and updates from Trezor newsletter, so this is not connected with my personal information at all.
It's interesting that few days ago I also received email from official Trezor about canceling my purchase of their new Freedom Edition device, even if never actually tried to make that purchase.

This is weird, i never expect to see trezor being their next target, am sire this cannot be coming from them, but the hackers are very smart at impersonation, in situations whereby they make it looks as if you're talking to the official intended platform they have hacked, now this is where we put into practice what we have learnt about crypto, it security measure and how we should not be too greedy in believing upon everything we received online, some could be detestable by us, and in some cases, we may have to verify the authenticity of the information received because taking action, just imagine you winning something you never applied for, how possible, this is where some never pay attention to as loopholes before falling for it.

[BABY SHOES]

Surprised that this phishing site was created by someone from my own country (Indonesia) Jakarta is the capital city of... So it's very sad to listen to it.

Maybe these scammers have gotten a lot of emails from leaked data or purchased data and then spread the phishing site as if it is legitimate from the original Trezor.

Even if you don't receive this email, you will still be vigilant to check the details to avoid making the same mistake.

Thanks for sharing.

[albon]

I used one of my temp email addresses just for receiving news and updates from Trezor newsletter, so this is not connected with my personal information at all.

This is an important tip for beginners, which is that when subscribing to the newsletter and promotions, they can use a dedicated email for this, whether when purchasing a wallet from Trezor or any other company.

Indeed, MailChimp, which is the platform responsible for marketing newsletters to Trezor customers via email, was breached three years ago ^[Source], which led to the database of many customers’ emails being exposed and receiving these phishing sites. Therefore, beginners should know that Trezor only sends messages from email addresses that end with @trezor.io or @satoshilabs.com. Any suspicious phishing websites can be easily reported to their team at <security@ trezor.io> to have them taken down.

[Alphakilo]

Surprised that this phishing site was created by someone from my own country (Indonesia) Jakarta is the capital city of... So it's very sad to listen to it.

These scams originate from different countries worldwide including the western countries.
Do not feel sad about it. The will continue to be people who are not as patrioitic as you are and will do everything to ruin the image of  their countries.

It is easy to even get leaked data or purchased data nowadays. If they send more emails there will be at least two people who falls it. Those are the ones that wll not be able to tell an original from a fake Trezor.

[adultcrypto]

Thanks for sharing this information, it is so helpful because people can easily fall for this scam. But I feel the scam is actually armature because a careful analysis of the setup will easily reveal this to be a scam. Let me ask, will the only way to consider such update be when the prompt is coming from within the application itself or from the official repository? I'm asking because scammers are becoming too sophisticated and it is looking extremely difficult knowing what to trust now.

[BABY SHOES]

Surprised that this phishing site was created by someone from my own country (Indonesia) Jakarta is the capital city of... So it's very sad to listen to it.

These scams originate from different countries worldwide including the western countries.
Do not feel sad about it. The will continue to be people who are not as patrioitic as you are and will do everything to ruin the image of  their countries.

It is easy to even get leaked data or purchased data nowadays. If they send more emails there will be at least two people who falls it. Those are the ones that wll not be able to tell an original from a fake Trezor.

Yep... so many scams from different countries, but just a little surprised by this news, despite seeing it here with many reports.

Imagine the hundreds of emails that were sent with this false information... and they managed to get a victim from phishing through this email maybe the scammers have made a profit.

[dkbit98]

Beware everyone, here goes another fake Trezor emails sent by scammers!
This time they are claiming some vulnerability and patch needed for critical secure update, but that is malware so don't click or download anything.
Email was sent from interesting address:

Code:

info@car.com.au

SCAM!