Another Trezir Phishing Email

[retaur]

Likely related to the thread here

I got an email saying there was a security threat on trezor and some devices were effected (there were obvious mistakes on the website though so anyone familiar with Trezir may be able to do a tiny bit of due diligence on that - if not too stressed by the email).

It's worth noting, trezors update systems are expected to be secure so compromising servers to change installation software on trezors devices to a malicious one should be impossible.

The new sites are
us - blog - trezor [dot] com
And
us - suite - trezor [dot] com

Different from the ones mentioned in the other thread, hence why I thought to make a new one.

[_act_]

There was a time that I received at least three of the scam emails daily. That was at the time I was posting many of the phishing emails on this forum for people to learn from it, but I later stopped because it became a spam on my email. The scammers later stopped but they are still sending at least 1 or 2 of the phishing emails every week. I received at least one or two of the phishing emails this week.

[FinneysTrueVision]

These scams are happening constantly. Almost every day on Reddit, I see people making posts about receiving phishing emails from scammers impersonating Trezor, Ledger or Metamask.

This is why you should use a new email alias for every website you use. If one website has a breach, you can just delete that alias and prevent scammers from contacting you.

[retaur]

There was a time that I received at least three of the scam emails daily. That was at the time I was posting many of the phishing emails on this forum for people to learn from it, but I later stopped because it became a spam on my email. The scammers later stopped but they are still sending at least 1 or 2 of the phishing emails every week. I received at least one or two of the phishing emails this week.

They're mostly filtered straight into my spam but for some reason this one wasn't and appeared in my inbox so thought it might be worth a post.

Upon checkout my spam folder I can see quite a few more of those emails.

[Cricktor]

How about you correct your typo of "Trezir" to correct "Trezor" in your topic subject title? I wonder how people don't see and care about this.

With correctly spelled "Trezor" other users who search with keyword "Trezor" in titles will be able to find your topic. And this is why correct spelling at least in titles matters.

[Pmalek]

This is why you should use a new email alias for every website you use. If one website has a breach, you can just delete that alias and prevent scammers from contacting you.

Doing that could increase the number of email accounts you need to check regularly or sporadically very quickly. A couple of throw-away email accounts connected to everything you don't deem essential should be enough. So even if there is a breach or you start getting unwanted emails, who cares. That email account has no great importance to you and you wouldn't be bothered by the incoming messages.

[Cricktor]

Doing that could increase the number of email accounts you need to check regularly or sporadically very quickly. ...

I use an email provider that allows to extend the email address with +something, e.g. myemailaccount+something@example.com, so I can tie a registration email address to a service by appending some unique service identifier of my choice while still only maintaining one email account.

Mails sent to myemailaccount@example.com or myemailaccount+service123@example.com all end up in the same inbox. If an abuser doesn't remove the +something part then I know, something from that service leaked to unwanted parties.

It's not fool-proof but in my opinion more convenient than dealing with a lot of random aliases.

I also recommend to use an email address that you only use for registration and no other communication. This minimizes chances to end up in other potentially compromised mailboxes and on spammer lists. Any email coming from none of services I registered to is therefore highly suspicious.

[Pmalek]

I use an email provider that allows to extend the email address with +something, e.g. myemailaccount+something@example.com, so I can tie a registration email address to a service by appending some unique service identifier of my choice while still only maintaining one email account.

I have heard that such email providers exist but never done any detailed research on them. It's a neat little trick. If you don't mind, can you tell us the email provider that you use that allows extending the email address with a unique identifier? I don't think it's something you don't want to mention in public, but just in case, you can also PM me.

[Yamane_Keto]

I use an email provider that allows to extend the email address with +something, e.g. myemailaccount+something@example.com, so I can tie a registration email address to a service by appending some unique service identifier of my choice while still only maintaining one email account.

I have heard that such email providers exist but never done any detailed research on them. It's a neat little trick. If you don't mind, can you tell us the email provider that you use that allows extending the email address with a unique identifier? I don't think it's something you don't want to mention in public, but just in case, you can also PM me.

Proton Mail aliases (a randomly-generated email address that forwards emails to your main inbox)
can easily delete or disable them in the future, and they are useful in cases of spam and hacking of these services.

It is better than name+site because it generates random email addresses and your primary email address cannot be found.

[Cricktor]

...

The feature is called plus addressing, subaddressing or tagging and I use that with Gmail, Proton Mail and Posteo accounts. There are sometimes restrictions with sending emails from such subaddressing email addresses, depending on the particular email provider.


A quick Google search gives me the following list of major^[1] mail providers that claims they support this feature (I haven't verified it for most of them, especially those which I don't personally use myself):
Gmail, outlook.com, Microsoft 365 (Exchange Online), Proton Mail, Fastmail, iCloud (Apple), Yahoo Mail, mailbox.org, posteo.de, mail.de, mail.com

For a self-hosted mail server, I know from first-hand experience that Mailcow does support it, too.

Some (stupid) services don't allow a '+' in the email address you try to register with which in my opinion is a violation to valid email address rules. But what can you do if their stupid email address parsers hiccup...

...

From a privacy viewpoint you're right but to my knowledge the lower tiers of Proton Mail only have a very limited number of usable privacy friendly email aliases (only 10). You need a quite high tier to have an unlimited number of aliases, IIRC.


^[1] The list is likely non-exhaustive and is what the Google search AI spit out when I aimed to get a quick overview. Take it with the necessary grains of salt.

[Coiner.de]

You can also have entire subdomains.

Unlimited Subdomain Email Addresses

    Every account includes unlimited email addresses at your own unique subdomain

    You can use any address @yoursubdomain.neomailbox.ch, or @yoursubdomain.neomailbox.net or @yoursubdomain.neo.email.

    You can block and unblock aliases at will

[DaveF]

Hate to say it but if I don't get at least 1 Trezor and 1 Ledger and 1 coinbase phish a day I check to see if my email server is working.
I figure the server is probably offline if I don't get them. Just so many keep coming that it's a joke at this point.

Makes you wonder how many people fall for things like this.


-Dave

[Pmalek]

Hate to say it but if I don't get at least 1 Trezor and 1 Ledger and 1 coinbase phish a day I check to see if my email server is working.
I figure the server is probably offline if I don't get them. Just so many keep coming that it's a joke at this point.

Makes you wonder how many people fall for things like this.

Enough for the scammers to keep going and/or inventing new ways to find other victims. The number of phishing victims isn't what's important. From a scammer's perspective, they would rather trick one person into giving them the keys to $1 million worth of bitcoin than trick 10 victims and stealing $1000 worth of bitcoin from each. Ten times less phishing victims can still be more profitable than ten times more.

The average person is so damn uncareful, it's unbelievable. My brother-in-law wanted to show me a video on his phone a few days ago from some weird website. He was opening it as I was watching the screen and some pop-ups started appearing. His reaction was, "what is this?" He started clicking everywhere just to try and get rid of them, without even reading or considering what he might do. Each of those clicks could have downloaded or installed something, provided certain permissions, subscribed to something, etc., but he doesn't care. He is just looking for the quickest way forward.

[Lucius]

Hate to say it but if I don't get at least 1 Trezor and 1 Ledger and 1 coinbase phish a day I check to see if my email server is working.
I figure the server is probably offline if I don't get them. Just so many keep coming that it's a joke at this point.
Makes you wonder how many people fall for things like this.
-Dave

It seems to me that most of these emails automatically end up in spam, and maybe about 10% end up in the main inbox. I report everything that arrives in my main inbox as spam, so I hope that I have protected some future recipients from seeing such messages at all.

There is certainly a certain percentage of people who fall for those cheap scam messages, but somehow it seems to me that the real targets are the targeted individuals who are worth much more than the average person who has a few hundred or thousand dollars worth of cryptocurrencies.

Social engineering takes more time, but when you look at all those farms with people they discover in Thailand, Cambodia, Myanmar, Laos and Vietnam where hundreds of people are forced to do just that, then it's clear where the biggest threat comes from.