Scammers are sending scam messages to Trezor users

[PrivacyG]

I wonder how in the World do people fall for these.  But then I think more about it and the answer is simple.

They most probably did some thing that got their Email address on to a list of people who own Trezors or Cryptocurrencies.  But if this happened then it means it will be flooded soon enough with Spam.  I have an Email that keeps begging me to claim my rewards worth millions, it keeps telling me all my Cryptocurrencies need upgrades, migrations, all my Wallets are compromised.

There fore I recommend that readers start separating their Email addresses and stop using the same Email for Hardware Wallet orders and other purposes such as registering for Cryptocurrency Casinos, Binance newsletter or what ever else.  Another healthy thing to do is to not click links directly but to instead look for the official website and see if they find the same information there.  Then you already have a few hints about whether the information is legitimate.  Web addresses can be compared between Browser and Email, a Trezor Email sent to a non Cryptocurrency address means clearly Spam et cetera.  It is not very hard and the process only takes more time in the beginning and then you have less to worry about.

[albon]

It's good that the phishing website is no longer working.

For everyone who owns a Trezor wallet be very cautious with emails, as most links sent via email are attempts to steal your wallet and drain your assets.

A single mistake, such as opening a phishing link, connecting your wallet, or signing a transaction, could cost you all your assets in an instant, and no one will be able to help you recover them.

Some may consider this phishing scam is old or easy to detect,, and while that’s true to some extent, but unfortunately, 1 out of 100 people may still fall for it due to rushing to open links or trusting the sender, assuming it’s an official Trezor email.

[Supreme Donvic]

People has fallen victim of clicking fake web site, I really won't blame them because in some case you Knowing the really web site is confusing, so right now what we should be doing is investigation, do a proper investigation of any site you want to visit before you do so you won't fall in the hands of scammers.
OP you have done very well for bringing this information to the forum I believe people in this forum seeing this will be more careful out there, I know some people will not learn with this, I have seen things like this warming people about a particular scam still people will fall victim, like the other day I saw someone complaining about a P2P scam I don't know if he didn't see those other members that where sharing there experience about it and how people should be careful.
Please let's always act smart.

[Hyphen(-)]

This is why its very important to know the official websites, and also check the header of the email if its from the official website, check announcement and newsletters, never click links, from unknown source so that we can avoid being hack by the actors pretending or impersonations, if the message is just new and comes from out of nowhere block them or delete the message without click any links on that message.

All these sorts of impersonations by scammers to get assess to users deed phrase to steal their money from their wallets has been the trend by the scammers, they will clone the website and make some tiny changes that is not easily noticeable by some users who don’t care to check the domain that sent them message, they end up providing some sensitive information that will lead you to get scammed; therefore, we need to be very careful and make sure we do get everything related to wallet, or anything that requires sensitive information in their respective officials to avoid scam.

Furthermore, I think the official website should be in charge of reporting the phishing domains to be suspended so that their customers will no panic any more .

[Floczy]

I wonder how in the World do people fall for these.

App cloning and website cloning is something that is rampant in this modern society. You can be very extremely cautious at the same time, mistakenly click an invite email which may seem to be true.
 

[casey15]

Phishing scams is still  very much active.. one can never be too careful.. Even now that a lot of people are becoming very aware and are practicing ways to help them overcome it, these scammers are getting more creative ...too creative. Anyone who has no idea of the original website URL will easily fall for this and not even be aware because it looks so much like a read domain if a company with the character intact.. we all should stay safe and try to protect our assets as best as we can

[Abu-Naim]

I wonder how in the World do people fall for these.

App cloning and website cloning is something that is rampant in this modern society. You can be very extremely cautious at the same time, mistakenly click an invite email which may seem to be true.
 

App cloning, phasing emails and messages are very common now everywhere, it is not only in crypto space, that’s what scammers are using to get peoples details and money, without you knowing if you are always looking for shortcut to do your things without visiting the site or following due process.

Any mail sent to you in a platform you don’t even have it’s a possible scam, and even if you have account with them taking wallet as example, make sure you verify the domain, know the sender through dip research, confirm the sender and make sure it’s real before attempting to reply the message.

Poole fall for it because the changes or the difference between the cloned website and the original official website isn’t something you can just see, it’s always something very small you will never think of.

[PrivacyG]

App cloning and website cloning is something that is rampant in this modern society. You can be very extremely cautious at the same time, mistakenly click an invite email which may seem to be true.

It also often seems TOO good to be true and people still fall for it.  I really thought the modern society is supposed to be smarter evolving with technology than falling for the most common Scams.  Even if it is bad news delivered by a Scammer pretending to be a large company, it is usually as simple as 'Enter your Seed Phrase for migration' and they still fall for it.  And they were warned when setting up their Trezor.  Probably multiple times.  The Seed Phrase paper they used probably has the warnings printed on it.  And they still become victims.

[avp2306]

App cloning and website cloning is something that is rampant in this modern society. You can be very extremely cautious at the same time, mistakenly click an invite email which may seem to be true.

It also often seems TOO good to be true and people still fall for it.  I really thought the modern society is supposed to be smarter evolving with technology than falling for the most common Scams.  Even if it is bad news delivered by a Scammer pretending to be a large company, it is usually as simple as 'Enter your Seed Phrase for migration' and they still fall for it.  And they were warned when setting up their Trezor.  Probably multiple times.  The Seed Phrase paper they used probably has the warnings printed on it.  And they still become victims.

Some people still fall from those attempt since lots of them lack of information about those attempts made by those scammers.

That's why aside from learning on how to earn from Bitcoin or crypto people must seek for relevant information on how they can protect their self for any scam attempts.

I find it so helpful to read such discussion in forum towards these kind of situation since people would get an idea on how to protect their selves for any future scam attempts that might come in their way.

[Daniel91]

I wonder how in the World do people fall for these.

App cloning and website cloning is something that is rampant in this modern society. You can be very extremely cautious at the same time, mistakenly click an invite email which may seem to be true.
 

App cloning, phasing emails and messages are very common now everywhere, it is not only in crypto space, that’s what scammers are using to get peoples details and money, without you knowing if you are always looking for shortcut to do your things without visiting the site or following due process.

Any mail sent to you in a platform you don’t even have it’s a possible scam, and even if you have account with them taking wallet as example, make sure you verify the domain, know the sender through dip research, confirm the sender and make sure it’s real before attempting to reply the message.

Poole fall for it because the changes or the difference between the cloned website and the original official website isn’t something you can just see, it’s always something very small you will never think of.

Yes, unfortunately there is also the problem that scammers have recently gotten hold of user email lists, like the recent data leak of Ledger device customers, and then they send emails that look like they were sent by the device manufacturer. The safest approach is to completely ignore such emails, as they often request verification of personal information and other data that can be used against us. The safest practice is that if you doubt the authenticity of an email, you should contact the manufacturer's customer support directly.

[Husna QA]

Over the past two days, I've also received emails from fake addresses impersonating Trezor. The first email about 'Quantum-resistant firmware,' while the most recent one was about 'Migrating to SLIP39 Enhanced Security.'

At first glance, the content looks legitimate because it includes warnings about never sharing your recovery seed with anyone.

However, the first thing you should always check to avoid phishing is the sender’s email address and never click any links included in the email. In my case, the emails contained a link to open Trezor Suite directly from the message.






Meanwhile, below is the official Trezor email address that usually sends me legitimate updates and official information from Trezor:

[joniboini]

However, the first thing you should always check to avoid phishing is the sender’s email address and never click any links included in the email. In my case, the emails contained a link to open Trezor Suite directly from the message.

I just want to add that some official emails from many businesses were "breached" in the last few months or so. For example, this one[1]. So if anyone received a suspicious email, even from a legit sender, it's always best to double-check the community to verify the authenticity of its messages.

[1] https://www.malwarebytes.com/blog/news/2025/12/paypal-closes-loophole-that-let-scammers-send-real-emails-with-fake-purchase-notices

[GreatArkansas]

I'm curious how these scammers know people that using Trezor wallets? Or do these scammers just send random emails to random users? Because if they know their target, it means maybe Trezor data got leaked? I didn't hear any news about this lately from Trezor, but if something got leaked, this is alarming.

[Kalchef]

How did the scammers get the Trezor users email address? Because there is no way this will be accurate, they will need the list of buyers who have successfully purchased Trezor wallet from the company before, which makes me believe that the only way to make a sense out of this is if Trezor company is already compromised from the inside.

I can get fake emails from Ledger company but its fake before I don't own a Ledger wallet, and this would have explained that they randomly gathered different email address and sent them those fake mails, but if real Trezor users are the ones getting the Trezor fake mail then something is very wrong.

We have read about company's workers getting compromised many times, they choose to ruin the business and stole from the customers pretending like it was an attack from the outside.

[OcTradism]

I'm curious how these scammers know people that using Trezor wallets? Or do these scammers just send random emails to random users? Because if they know their target, it means maybe Trezor data got leaked? I didn't hear any news about this lately from Trezor, but if something got leaked, this is alarming.

Trezor does not require any email from their users so it's like generic scam attempts like massive email sending around for finding as most potential victims as possible.

Generally, if you are worrying about any compromisation with your emails, you can check possible data leaks with your email addresses.
Use this.
https://haveibeenpwned.com/

For OPSEC, it's recommended to use different email addresses for different purposes, even including throw-away emails when you explore strange websites.

[Husna QA]

However, the first thing you should always check to avoid phishing is the sender’s email address and never click any links included in the email. In my case, the emails contained a link to open Trezor Suite directly from the message.

I just want to add that some official emails from many businesses were "breached" in the last few months or so. For example, this one[1]. So if anyone received a suspicious email, even from a legit sender, it's always best to double-check the community to verify the authenticity of its messages.

[1] https://www.malwarebytes.com/blog/news/2025/12/paypal-closes-loophole-that-let-scammers-send-real-emails-with-fake-purchase-notices

I’m not entirely sure whether Trezor’s official email system has ever had a security breach that was later exploited by scammers to send phishing emails pretending to be from Trezor, like what happened in the PayPal system case mentioned above.

However, if something like that happens in the future, it’s best to remain cautious by not clicking any links in emails suspected of being phishing attempts (also learn how to identify phishing emails). Instead, if anyone receives such an email, they should verify the email through the official support contact listed on the company’s official website, rather than using the contact information provided in the email itself.

To create urgency, the scammers made the emails look as though the target had been charged for some high-end, expensive device. They also added a fake “PayPal Support” phone number, encouraging targets to call in case if they wanted to cancel the payment of had questions

In this type of tech support scam, the target calls the listed number, and the “support agent” on the other end asks to remotely log in to their computer to check for supposed viruses. They might run a short program to open command prompts and folders, just to scare and distract the victim. Then they’ll ask to install another tool to “fix” things, which will search the computer for anything they can turn into money. Others will sell you fake protection software and bill you for their services. Either way, the result is the same: the victim loses money.

[salad daging]

Over the past two days, I've also received emails from fake addresses impersonating Trezor. The first email about 'Quantum-resistant firmware,' while the most recent one was about 'Migrating to SLIP39 Enhanced Security.'

I also received this email a few days ago exactly like this, and today again received an email from Trezor with “Order received” as if I was buying a Trezor device.

When clicked it leads to a phishing site. Maybe many people also receive emails like this.

The sender of the email is fake.

Code:

marketing@revaluate.com

I'm curious how these scammers know people that using Trezor wallets? Or do these scammers just send random emails to random users? Because if they know their target, it means maybe Trezor data got leaked? I didn't hear any news about this lately from Trezor, but if something got leaked, this is alarming.

I did a quick search with information from AI that Trezor had experienced a database leak in 2024 right in January, and from this leak the scammers continued to send phishing emails as if they were genuine.

[Emjay24]

Over the past two days, I've also received emails from fake addresses impersonating Trezor. The first email about 'Quantum-resistant firmware,' while the most recent one was about 'Migrating to SLIP39 Enhanced Security.'

I also received this email a few days ago exactly like this, and today again received an email from Trezor with “Order received” as if I was buying a Trezor device.

When clicked it leads to a phishing site. Maybe many people also receive emails like this.

The sender of the email is fake.

Code:

marketing@revaluate.com

I think this is very simple, if you didn't order anything, then completely ignore it. Scammers would never rest until they get your funds and even when they have it, they keep trying to get more.

The scammer in your case is even very dumb, their email address doesn't even resemble Trezor's in any way and is very easy to dictate.

People would still fall prey to this phishing attack, especially less tech savvy ones. It is also very important that Trezor sends occasional mails to their clients to ignore phishing links, warning them never to share their seed phrases with anybody because they(Trezor) cannot request for such.

[Giwagi56]

This is why its very important to know the official websites, and also check the header of the email if its from the official website, check announcement and newsletters, never click links, from unknown source so that we can avoid being hack by the actors pretending or impersonations, if the message is just new and comes from out of nowhere block them or delete the message without click any links on that message.

One thing that I don't like doing no matter how it is is that I don't click any link that was sent to my email, I know that some will be a good message but I am a person that is very scared and know what I am doing, when it comes to anything online I make sure I never fall into any trap of a scammer, it is only god that can protect us but we should also be careful with what we are doing because small mistake can make us lose what we will never forget in our life.

Scammer will do anything to make sure they scammed people but when if you smart and know how to secure your wallet and not being ungrateful, you will not get scammed, it is very dangerous to receive a message from email and click it just because you think the message is from something that you will gain a profit from.