Trezor Customers Targeted With Phishing Scams
Trezor Wallet Owners Are Targeted by False Data Breach Reports
The owners of Trezor, a popular manufacturer of cryptocurrency hardware wallets, have been the target of fake emails about data breaches, according to a tweet from the Prague-based company.
The incident was linked to the popular email marketing service platform Mailchimp, which has been compromised by an insider to send malicious links to cryptocurrency companies.
The users who have subscribed to one of Mailchimp’s newsletters have received a slew of fake notifications. Fraudsters, posing as the Trezor team, warned that their potential victims’ cryptocurrency assets could be stolen as a result of a massive security breach.
The bad actors behind the scam tried to trick the recipients of the aforementioned emails into downloading a fake version of Trezor Suite software from a rogue domain that looks like the real deal and tricking them into entering their seed- sentence.
The fake domain name contained Punycode characters, which allowed the hackers to add a layer of legitimacy to the fake app.
According to beeping computer, the crooks created a fraudulent version of Trezor Suite that at first glance is almost indistinguishable from the real one. To warn potential victims, the app even included a legitimate-looking warning, urging users not to enter their recovery seed in the wake of recent phishing attacks (unless the physical device tells them to). Image by bleepingcomputer.com
The recovery seed is the most crucial element of any wallet. It is a list of words that will help you easily regain access to someone’s cryptocurrency holdings. The rule of thumb is to never enter your seed phrase on a site. Nevertheless, there have been countless victims who have been careless and ignorant enough to reveal their seed sentences.