Topic: [WARNING] PHISHING - Trezor Typosquatting Domain (Read 238 times)

mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
February 13, 2020, 09:30:08 PM
#8
Very easy trap for newbies, maybe even for intermediate users.

Most wallets require you to rewrite the seed after saving it in order to make sure it's the correct one. It's easy to mistake that assurance step for this one.

If a person thinks of him/herself as an "intermediate user" and gets scammed by voluntarily handing over his/her wallet's backup phrase, I don't think he/she deserves the title "intermediate user". There's a big difference between storing the keys for yourself and handing them over to a central authority, regardless of who that central authority is.
legendary
Activity: 1134
Merit: 1598
I don't own a Trezor, but this kind of fill-in form is literally an obvious scam. What the hell, why would the user need to confirm their phrase so the data will not be corrupted and damaged? Pretty lame to fall for the likes of this scheme.

Very easy trap for newbies, maybe even for intermediate users.

Most wallets require you to rewrite the seed after saving it in order to make sure it's the correct one. It's easy to mistake that assurance step for this one.
sr. member
Activity: 1498
Merit: 326
Vave.com - Crypto Casino

Phishing won't make us lose our money just by clicking, but it will if a member logs in with their credentials on these sites, such as a private key and passphrase, and the phishing site owner can duplicate that key and password. Once he has duplicated the user's credentials, it's easy for him/her to steal the user's money.

I see, maybe I'm just thinking of a super efficient hacking approach that could easily plant some virus that could automatically steal our funds in just a short period of time by clicking and browsing on their fake site. Anyway, thanks for the heads up about these typos. I'm sure those who have a Trezor will always check the security, because with this list it's kind of scary to use a search engine and just click what you're looking for. Maybe always using a bookmark is the best way, at least.
legendary
Activity: 2324
Merit: 1604
hmph..
This is a reminder that if you own a decently big business (especially concerning finance), it would be heavily beneficial to also purchase the typo-domains (at least the close ones like trezoe/trezpr) to protect your users.

I agree with you, many companies buy several domains to save their customers from scams or phishing because of typos. trezoe and trezpr are the most likely typos made by users; if Trezor buys these domains too, it will save a lot of users.


A typo is an inevitable mistake, I believe, but does this really make you lose your funds right away just by clicking? Normally a virus site points you directly to another browser and that's where the stealing of info begins. But how long before they can gain access to your files when you have already closed the fake browser?

Phishing won't make us lose our money just by clicking, but it will if a member logs in with their credentials on these sites, such as a private key and passphrase, and the phishing site owner can duplicate that key and password. Once he has duplicated the user's credentials, it's easy for him/her to steal the user's money.
sr. member
Activity: 1498
Merit: 326
Vave.com - Crypto Casino
Be careful when you are typing a website domain. One typo can make you lose your assets. I found some typosquatting domains for Trezor. When you are typing

A typo is an inevitable mistake, I believe, but does this really make you lose your funds right away just by clicking? Normally a virus site points you directly to another browser and that's where the stealing of info begins. But how long before they can gain access to your files when you have already closed the fake browser?




I don't own a Trezor, but this kind of fill-in form is literally an obvious scam. What the hell, why would the user need to confirm their phrase so the data will not be corrupted and damaged? Pretty lame to fall for the likes of this scheme.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
Took a look at the scam site just for curiosity's sake, and.. yea. Not even surprised in the slightest.



This is a reminder that if you own a decently big business (especially concerning finance), it would be heavily beneficial to also purchase the typo-domains (at least the close ones like trezoe/trezpr) to protect your users.
jr. member
Activity: 47
Merit: 16
As the Reddit thread suggests, add these sites to a hosts file or ask PiHole to catch them. You can also do a bit of study of how SSL works. All these sites have a "Let's Encrypt" SSL cert, whereas the official Trezor wallet sites have certs issued by "Amazon". If you want to offload the work, you can always look the sites up on Alexa.

https://www.alexa.com/siteinfo/trezor.us <== Phishing sites have poor rank

https://www.alexa.com/siteinfo/trezor.io <== Real sites are well ranked

If you want to offload even more, you can use the Alexa Traffic Rank plugin, but that will harvest a lot of browsing data unless you tweak the settings. The plugin is nice since you have a very visual indicator as to whether the site is well ranked (legit) or poorly ranked (phish).
legendary
Activity: 2324
Merit: 1604
hmph..
Be careful when you are typing a website domain. One typo can make you lose your assets. I found some typosquatting domains for Trezor. When you are typing

Code:
trezpr.io (167.114.220.88)
trezoe.io (167.114.220.88)
trezot.io (167.114.220.88)
trezr.io (167.114.220.88)
trezer.io (167.114.220.88)
trezort.io (167.114.220.88)
trwzor.io (167.114.220.88)
terzor.io (167.114.220.88)
teezor.io (167.114.220.88)
tezor.io (167.114.220.88)
yrezor.io (167.114.220.88)
rezor.io (167.114.220.88)

you will be redirected to:

trezor.us

Some Domain information:
Code:
Domain Name: TREZPR.IO
Registry Domain ID: D503300001183080702-LRMS
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: http://www.namesilo.com
Updated Date: 2020-02-05T02:46:02Z
Creation Date: 2020-02-05T02:36:11Z
Registry Expiry Date: 2021-02-05T02:36:11Z

Domain Name: TREZOE.IO
Registry Domain ID: D503300001183080700-LRMS
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: http://www.namesilo.com
Updated Date: 2020-02-05T21:56:51Z
Creation Date: 2020-02-05T02:36:08Z
Registry Expiry Date: 2021-02-05T02:36:08Z


Domain Name: trezor.us
Registry Domain ID: D981FBFD3B7FE46AEB0383A809C5D235C-NSR
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: www.namesilo.com
Updated Date: 2020-02-10T20:40:52Z
Creation Date: 2020-02-06T07:18:09Z
Registry Expiry Date: 2021-02-06T07:18:09Z

Domain Name: TREZOT.IO
Registry Domain ID: D503300001183080701-LRMS
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: http://www.namesilo.com
Updated Date: 2020-02-05T21:56:55Z
Creation Date: 2020-02-05T02:36:09Z
Registry Expiry Date: 2021-02-05T02:36:09Z

Website screenshot:


REAL TREZOR WEBSITE
https://trezor.io/
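
Added example, not part of the original posts: a small Python check that flags names one keystroke away from the brand label (the pattern every domain in the list above follows) and emits the hosts-file lines suggested in the thread. The function names, the `0.0.0.0` sinkhole address and the two-label domain handling (no public-suffix list) are assumptions made for this illustration.

```python
BRAND = "trezor"        # protected label, from the thread
LEGIT = {"trezor.io"}   # the real site named in the thread
SINKHOLE = "0.0.0.0"    # assumption: usual hosts-file sinkhole address

# Constructed sample: some names reported in the thread plus two controls.
SAMPLE = ["trezpr.io", "terzor.io", "rezor.io", "trezort.io",
          "trezor.us", "wallet.trezor.io", "example.com"]


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain):
    """Return 'legit', 'lookalike-tld', 'typosquat' or 'unrelated'."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return "unrelated"
    if ".".join(labels[-2:]) in LEGIT:      # trezor.io and its subdomains
        return "legit"
    dist = osa_distance(labels[-2], BRAND)
    if dist == 0:                           # right label, wrong TLD
        return "lookalike-tld"
    return "typosquat" if dist == 1 else "unrelated"


def hosts_block(domains):
    """Hosts-file lines that sinkhole every flagged name."""
    return [f"{SINKHOLE} {d.lower().rstrip('.')}" for d in domains
            if classify(d) in ("typosquat", "lookalike-tld")]


if __name__ == "__main__":
    for name in SAMPLE:
        print(f"{name:20} {classify(name)}")
    print("\n".join(hosts_block(SAMPLE)))
```

The same `classify` function can be run over resolver or PiHole query logs to catch one-edit variants that are not yet on any blocklist.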