Author

Topic: [Warning] Trezor users are receiving fake emails with phishing links. (Read 392 times)

hero member
Activity: 1876
Merit: 721
Top Crypto Casino
There are those in the crypto world who see many such scammers' tactics, as a result of which crypto users have to be careful enough to stay safe from these scams. The websites we share our personal information with and expect to keep our information safe, but it turns out to be a misconception because they never provide proper security to our personal information, thereby leaving our personal information in the hands of scammers. So scammers use that information to create new strategies every time to scam.
exactly and while they may be trying to be true to their words their third party may just don`t bother who they sell such data to or fall into hack. It is actually hard to be free from all these data breach but that won`t stop one for not being extra cautious at least it limits risk especially to phishing scam, if you are privacy and security cautious and constantly updated about them

Companies like Trezor who always talk about security, safety, when users' data is stolen from them, everyone blames them. Why should we accept the story that their data has been leaked from a third party? Because even companies like Trezor do not have their customers' personal information safe. Why didn't they think about the security of their customers, they should have given maximum security to their customers' personal information.

So here's Trezor's oversight, crypto users should think twice about sharing their personal information. So after seeing this news, it is understood that no one thinks about the security of their customers' personal information, when they are hacked, those companies write a sorry announcement and post it on social media.
sr. member
Activity: 952
Merit: 275
Ledger was also a target some months ago, even Metamask too, this isn't something new in crypto space and it's because of the stupidity of people that's why they fall for this scams, my hardware wallet company can't message me using email in taking any actions, our deal was done since the day I purchased the hardware wallet, it's fully open source and non-custodial so it's a forever goodbye to any customer services after buying the hardware wallet.

Even if the email is coming from the official hardware wallet company you should not click on any link or give up your recovery seed, because they might be targeted and got their email account compromised, millions will probably lose their asset if this happen but it can never be me.

Stop reacting to everything you come across online, even a co worker in a company can decide to go bad and steal from customers, in the case of hardware wallets, you must not share anything with the customers services too, understand what you are paying money for, don't just buy and use like an idiot.
sr. member
Activity: 700
Merit: 470
Hope Jeremiah 17vs7
There are those in the crypto world who see many such scammers' tactics, as a result of which crypto users have to be careful enough to stay safe from these scams. The websites we share our personal information with and expect to keep our information safe, but it turns out to be a misconception because they never provide proper security to our personal information, thereby leaving our personal information in the hands of scammers. So scammers use that information to create new strategies every time to scam.
exactly and while they may be trying to be true to their words their third party may just don`t bother who they sell such data to or fall into hack. It is actually hard to be free from all these data breach but that won`t stop one for not being extra cautious at least it limits risk especially to phishing scam, if you are privacy and security cautious and constantly updated about them
hero member
Activity: 1876
Merit: 721
Top Crypto Casino
First, it was ledger and now Trezor users are facing such attacks. I hope nobody falls for these phishing mails.
Atleast, we haven't heard people losing money due to these phishing mails yet, which is a good sign.
I guess people are becoming more aware of these attacks now and are avoiding such phishing mails.
People should learn more about security so that they don't lose money to such scams.
~~~
That is quite obvious because once users get to know the scammers tricks then they don't fall for their traps easily.
Scammers then try a different approach to target the victims and this cycle keeps going on.
There are those in the crypto world who see many such scammers' tactics, as a result of which crypto users have to be careful enough to stay safe from these scams. The websites we share our personal information with and expect to keep our information safe, but it turns out to be a misconception because they never provide proper security to our personal information, thereby leaving our personal information in the hands of scammers. So scammers use that information to create new strategies every time to scam.
hero member
Activity: 2702
Merit: 716
Nothing lasts forever
First, it was ledger and now Trezor users are facing such attacks. I hope nobody falls for these phishing mails.
Atleast, we haven't heard people losing money due to these phishing mails yet, which is a good sign.
I guess people are becoming more aware of these attacks now and are avoiding such phishing mails.
People should learn more about security so that they don't lose money to such scams.
The database of emails used by users to contact support was hacked. The team claims that this database was stored on another server that was not properly protected. In any case, this is a threat to users and developers must take into account all the nuances. Now there are a lot of references to phishing attacks, and other schemes used by scammers, and therefore users are more careful about such mailings or other distributions, that require them to take action or follow some suspicious links.

That's a very lame excuse from Trezor. They being a very well reputed hardware wallet company developing secured hardware wallets should not take it lightly.
They should be keeping all of their servers secured correctly. That's their only job to do.

First, it was ledger and now Trezor users are facing such attacks. I hope nobody falls for these phishing mails.
Atleast, we haven't heard people losing money due to these phishing mails yet, which is a good sign.
I guess people are becoming more aware of these attacks now and are avoiding such phishing mails.
People should learn more about security so that they don't lose money to such scams.
No victims have yet reported being scammed by this phishing attack. But we cannot say for sure that no one has fallen into this trap of scammers, because many times it is seen that victims of scams remain silent for unknown reasons. Scammers are now creating fake phishing websites for almost every popular wallet name, and using stolen databases of crypto users to promote those fake websites.

If this continues, maybe in the coming days scammers will create something more advanced targeting crypto users that will be even more effective than it is now. So to make their every move fail, more publicity is needed to make crypto users more alert.

That is quite obvious because once users get to know the scammers tricks then they don't fall for their traps easily.
Scammers then try a different approach to target the victims and this cycle keeps going on.
hero member
Activity: 1876
Merit: 721
Top Crypto Casino
First, it was ledger and now Trezor users are facing such attacks. I hope nobody falls for these phishing mails.
Atleast, we haven't heard people losing money due to these phishing mails yet, which is a good sign.
I guess people are becoming more aware of these attacks now and are avoiding such phishing mails.
People should learn more about security so that they don't lose money to such scams.
No victims have yet reported being scammed by this phishing attack. But we cannot say for sure that no one has fallen into this trap of scammers, because many times it is seen that victims of scams remain silent for unknown reasons. Scammers are now creating fake phishing websites for almost every popular wallet name, and using stolen databases of crypto users to promote those fake websites.

If this continues, maybe in the coming days scammers will create something more advanced targeting crypto users that will be even more effective than it is now. So to make their every move fail, more publicity is needed to make crypto users more alert.
hero member
Activity: 980
Merit: 947
First, it was ledger and now Trezor users are facing such attacks. I hope nobody falls for these phishing mails.
Atleast, we haven't heard people losing money due to these phishing mails yet, which is a good sign.
I guess people are becoming more aware of these attacks now and are avoiding such phishing mails.
People should learn more about security so that they don't lose money to such scams.
The database of emails used by users to contact support was hacked. The team claims that this database was stored on another server that was not properly protected. In any case, this is a threat to users and developers must take into account all the nuances. Now there are a lot of references to phishing attacks, and other schemes used by scammers, and therefore users are more careful about such mailings or other distributions, that require them to take action or follow some suspicious links.
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
If that's true, that's worrisome. Seriously, how can that happen? How can an unauthorized entity enter their database more than once in a row?
Because of the way they've replied on Twitter, I was also under the impression that their database was compromised, but based on "this blog post", it appears to be only the third-party service [few users on Reddit were pointing to Sendinblue (also known as Brevo)] that they were using for their newsletters.
hero member
Activity: 2702
Merit: 716
Nothing lasts forever
First, it was ledger and now Trezor users are facing such attacks. I hope nobody falls for these phishing mails.
Atleast, we haven't heard people losing money due to these phishing mails yet, which is a good sign.
I guess people are becoming more aware of these attacks now and are avoiding such phishing mails.
People should learn more about security so that they don't lose money to such scams.
sr. member
Activity: 658
Merit: 441
Trezor users are also receiving fake emails, Trezor has already tweeted about this and asked all users to stay safe. These activities of scammers have increased in recent times and they are trying to trap Trezor users. Trezor officials have not released any information on whether the scammers were successful in this attempt. So be safe, now if you get any wallet related email you should verify the official information before clicking on any link.

Source : https://twitter.com/Trezor/status/1750223673506558146

I'm not surprised by this news because there have been similar news of ledger, trust wallet, metamask phishing links flying around on the internet lately. The market is about to go bull and there's going to more entry of crypto users in the crypto space, so these scammers see this period an opportunity to step up their game.

So far, what I've been able to learn from this is that whenever you receive such a message, don't be in a haste to act. Always verify the authenticity of the news by visiting the various official media channels of Trezor or whatever wallet.
full member
Activity: 266
Merit: 108
The only way this can be helpful is that you will then know that any emails that continue to arrive at the old address, and present themselves as if they are from Trezor, are potential phishing scams.
What about those that receive such mail but do not actually have an account or wallet with/on Trezor, anyway these scammers throws spam link to various email addresses, so who ever falls victim gets scammed.
legendary
Activity: 2576
Merit: 1860
I don't understand what you mean by "Trezor officials have not released any information on whether the scammers were successful in this attempt" precisely tbh. You think Trezor know all the adresses of their customers and track all their transactions? Because it's the only way to know that AFAIK since the phishing emails don't ask victims to send funds to one(or several) address but they try to deceive them into handing over their funds. If true it would be concerning.

OP is probably referring to the attempt to steal money from Trezor users. So far, there seems to be no report of lost funds because of the breach. But who knows? You're right; Trezor does not have a way to know what happened to all of their users' funds. So it's misleading or even irresponsible of them assuring the public that no funds were lost due to the said unauthorized access.

But the mere fact that the criminal/s have already gotten into their database, took data like email and names and potentially addresses and contact details as well of tens of thousands of users, they're already successful. Another success is probably that many were actually made to believe that the email was legitimate and clicked on the link. There will be more of such spam and phishing attempts in the future. If nobody fell for it today, there might be in the near future.
hero member
Activity: 504
Merit: 1065
Crypto Swap Exchange
I don't understand what you mean by "Trezor officials have not released any information on whether the scammers were successful in this attempt" precisely tbh. You think Trezor know all the adresses of their customers and track all their transactions? Because it's the only way to know that AFAIK since the phishing emails don't ask victims to send funds to one(or several) address but they try to deceive them into handing over their funds. If true it would be concerning.

Good question. Maybe Trezor just hasn't had any feedback from rip-off customers yet?

Or maybe they deliberately passed on seeds with dusts to the phishers in order to track their wallets and potential new inputs from real victims?
legendary
Activity: 2604
Merit: 2353
I don't understand what you mean by "Trezor officials have not released any information on whether the scammers were successful in this attempt" precisely tbh. You think Trezor know all the adresses of their customers and track all their transactions? Because it's the only way to know that AFAIK since the phishing emails don't ask victims to send funds to one(or several) address but they try to deceive them into handing over their funds. If true it would be concerning.
hero member
Activity: 1876
Merit: 721
Top Crypto Casino
Trezor users are also receiving fake emails, Trezor has already tweeted about this and asked all users to stay safe. These activities of scammers have increased in recent times and they are trying to trap Trezor users. Trezor officials have not released any information on whether the scammers were successful in this attempt. So be safe, now if you get any wallet related email you should verify the official information before clicking on any link.

Source : https://twitter.com/Trezor/status/1750223673506558146


Normal to receive a lot of mail like this since there are criminals want to take advantage the innocence of people towards dealing their wallets so expect that same like this will always occur especially if you use those email on any crypto related online activities.

Its importance for us to avoid clicking those links and tag this immediately as spam so that they will not get curious to open an email like this. If they are doubting regarding on the email they receive much better if they contact the support since this will clear all the doubts in mind regarding on those email they receive.
If one uses an email on any of the online sites, various types of fake offer emails keep coming to trap the users. When scammers leak users' data from a company like Trezor, it surprises everyone, and when scammers send phishing links targeting those users, everyone has no choice but to be extra cautious. When I open an email, I never click on the link until I visit the official website and confirm whether there is any official announcement or not.

And the most important thing is to check the email address from which the email came. New crypto users should understand that if an update comes, it is communicated through an official announcement by that particular company and not just by email.
hero member
Activity: 2520
Merit: 783
Trezor users are also receiving fake emails, Trezor has already tweeted about this and asked all users to stay safe. These activities of scammers have increased in recent times and they are trying to trap Trezor users. Trezor officials have not released any information on whether the scammers were successful in this attempt. So be safe, now if you get any wallet related email you should verify the official information before clicking on any link.

Source : https://twitter.com/Trezor/status/1750223673506558146



Normal to receive a lot of mail like this since there are criminals want to take advantage the innocence of people towards dealing their wallets so expect that same like this will always occur especially if you use those email on any crypto related online activities.

Its importance for us to avoid clicking those links and tag this immediately as spam so that they will not get curious to open an email like this. If they are doubting regarding on the email they receive much better if they contact the support since this will clear all the doubts in mind regarding on those email they receive.
hero member
Activity: 462
Merit: 767
Instant cryptocurrency exchange with own reserves!
It's not just fake Trezor emails. Now there are also fake MetaMask emails from the hackers asking you to turn on 2FA:

Oh bro, Let me laugh first.
I don't know if you have published your website on many platforms or what is the main traffic source of your website. But, If the hacker is from Bitcointalk and knows who is the owner of that website, I wonder why he would even waste his time sending you an email to your website email. I don't think we use our website emails to open an account on some exchange or other services.

Most of the website owners use their website emails to handle business emails like sending proposals or to receive proposals and suggestions. LOL. What makes him think that a person like NotATether could fall for their scam?
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I wonder whether there is in fact a really safe hardware to keep our coins.

My advice is to take everything out of your Trezor if you have one (and while you're at it, your Ledger too if you have one) and put it in a Coldcard, Bitbox02, or Passport wallet. Or at least some other hardware wallet for which there aren't hacking tutorials for it available on the public internet and Youtube.

Trezor seems to have a really fragile hardware platform.
legendary
Activity: 2576
Merit: 1860
Reading some comments here, it seems that the news stating that the breach only gained access to their support ticket database is wrong. Some users who got the phishing email aren't even Trezor users. They didn't contact Trezor support either.
It appears to be two separate incidents in the space of a week... The first one was for their ticketing system and the latest one is for their "newsletter subscribers".

If that's true, that's worrisome. Seriously, how can that happen? How can an unauthorized entity enter their database more than once in a row?

Ledger has already shown something that has caused a significant backlash in terms of trust among its users. Trezor somehow survives and is probably the top brand right now as far as hardware wallets are concerned. But it actually isn't spotless either. I remember there was a time when the Trezor device itself was hacked.

I wonder whether there is in fact a really safe hardware to keep our coins.
hero member
Activity: 1876
Merit: 721
Top Crypto Casino
Truly, people hardly notice this or even bother themselves about this and even if they do, many won't even be able to identify this flaw from the scammers, since they don't know the actual domain name of Metamask except you are knowledge in privacy and security, this is an excellent scam and many will continue to fall for it.
People are very careless, they don't notice until something bad happens to them. As soon as they receive the email, they click on the link without properly verifying whether it is genuine or not. Since scammers are succeeding in these attempts, they are still using these tactics and crypto users will continue to fall victim to these scams if they are not careful. Scammers are currently using techniques like phishing emails, airdrops to target wallet scams.
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
If Trezor allows you to change your email address, and if yours was pwned, changing that email address to a new one is helpful.
This would only come in handy if you're going to completely ditch the affected email address.

Reading some comments here, it seems that the news stating that the breach only gained access to their support ticket database is wrong. Some users who got the phishing email aren't even Trezor users. They didn't contact Trezor support either.
It appears to be two separate incidents in the space of a week... The first one was for their ticketing system and the latest one is for their "newsletter subscribers".
sr. member
Activity: 700
Merit: 470
Hope Jeremiah 17vs7
metamask74808 [at] sup.io, I believe very few people can be scam by this email address. If it is like metamask [at] sup.io, it will have higher chance to scam careless people.

Most people do not look at the "From" section unfortunately, only the message content. Especially if the email is using HTML like this one, it is very easy to overlook the sender address. In fact some email providers like Gmail actually hide it by default and just show the friendly name - you have to actually click on it in order to reveal the sender's email address.
Truly, people hardly notice this or even bother themselves about this and even if they do, many won't even be able to identify this flaw from the scammers, since they don't know the actual domain name of Metamask except you are knowledge in privacy and security, this is an excellent scam and many will continue to fall for it.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
metamask74808 [at] sup.io, I believe very few people can be scam by this email address. If it is like metamask [at] sup.io, it will have higher chance to scam careless people.

Most people do not look at the "From" section unfortunately, only the message content. Especially if the email is using HTML like this one, it is very easy to overlook the sender address. In fact some email providers like Gmail actually hide it by default and just show the friendly name - you have to actually click on it in order to reveal the sender's email address.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
Now there are also fake MetaMask emails from the hackers asking you to turn on 2FA:


This scam email address is easy to recognize as a scam email.

metamask74808 [at] sup.io, I believe very few people can be scam by this email address. If it is like metamask [at] sup.io, it will have higher chance to scam careless people.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
It's not just fake Trezor emails. Now there are also fake MetaMask emails from the hackers asking you to turn on 2FA:



When you click the buton, I assume it either downloads a malware or asks you to type in your seed phrase or something like that.

I even got a fake message from Netflix saying "Enable 2fa or your account will be on hold." It looked a lot like the fake MetaMask email so I assume it's from the same hackers.
legendary
Activity: 1064
Merit: 1298
Lightning network is good with small amount of BTC
Deactivating the newsletter will be ok but that won’t stop this kind of phishing attack because it doesn’t seems like some of these people actually gets this emails from the likes of Trezor it self because some others that received the mail aren’t even Trezor users
If you subscribed to Trezor newsletter, you will get the email. Those newsletter subscribers were the emails of the people that were leaked and the hacker that have access to the email sent the email with phishing link included.



But if possible the affected people can do away with the email and not use it again eill be better.
hero member
Activity: 504
Merit: 1065
Crypto Swap Exchange
It pays to be very vigilant when receiving emails from any service provider and in this case Trezor.
Its important to take a moment and not click on any links straight away, pause and try and verify.

paid2 how can we not give Trezor our personal details if we want to order a wallet and have it delivered
other than having a PO Box number which not everyone has? am I missing something?

I spend between 2 and 3 months a year in France, and there is this (I do not know if it is legal everywhere, but in the case of France, it is tolerated to buy such keys): https://www.lockpass.fr/
These are the "universal" keys that postmen use to open letterboxes.

When I'm in France, I take the opportunity to find a letterbox with no name (unoccupied or abandoned flat), put a more or less random name on it, and have anything I can pay for in cryptos delivered "anonymously" over there Smiley

I use allias systems for my emails, I generate an address for each site and centralise the reception of messages on a single address that I control.
legendary
Activity: 2436
Merit: 1362
I'm surprised at how little noise this is making when you compare it to the same situation Ledger experienced a few years ago. It's strange how different the media and the community as a whole reacted in both situation Ledger/Trezor, which are almost the same (a leak/hack of their customers database).

In any case, you have to be careful and not use your personal data when ordering a hardware wallet. I'm glad I didn't use my personal details when I ordered my Ledger back then, and my Trezor last year. 66,000 doxxed users is not nothing.

It pays to be very vigilant when receiving emails from any service provider and in this case Trezor.
Its important to take a moment and not click on any links straight away, pause and try and verify.

paid2 how can we not give Trezor our personal details if we want to order a wallet and have it delivered
other than having a PO Box number which not everyone has? am I missing something?
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
How is it going to be helpful? So that hackers will later know the email again and start sending phishing messages. The best is to unsubscribe from the newsletter. You can unsubscribe from the email messages. All what that you will do is to scroll down the email message and you will see unsubscribe, click on it and do not receive email from the again. They are careless with people's email.
Helpful in the meantime before Trezor has another data breach.

Will Trezor have other data breaches in future?

We can not know at the moment but if you feel you can not trust them, stop using their service. If you trust them to fix and improve their security, you can continue to use their service. Trust or don't trust their security on user data, you must protect yourself, by changing email, if possible. I don't know it is possible or impossible, just an idea to prevent risk from phishing emails.

Trezor allows users to change email but you will have to contact their support.
hero member
Activity: 462
Merit: 767
Instant cryptocurrency exchange with own reserves!
@Learn bitcoin was right on what he said below. 
Even though they have regained access to their support center, the hacker still has a chance to use email spoofing and send emails to those Trezor users and try various hacking attempts like sending malware and asking them to download, or asking them to use new web portal which could be phishing and numerous more methods they may try. There are still a few percentage of people who might believe those emails and try those things.
This was my basic assumption. If hackers get a list of specific service users, I am sure they will try to trick them. Approx 66000 users' data were leaked from the hack. But, how many of them are aware that their data has been stolen? Almost 90% of them don't know that their data has been stolen and they may face some critical threats. This is unfortunate. Even though Trezor started to give warnings to their users, yet there will be users who may fall for those phishing scams.

Quote
Well it's good to let people know about this current situation, I'm not a trazor user but I'm always concern in knowing all this kind of event because in less than no time I will purchasing a hardware wallet and will not want to face this kind of risk using them.
You should have some basic understanding of how social engineering works and how phishing works. When a user open their wallet for the first time, it says never share your seed phrase and the private key with anyone. That include Trezor or any other wallet providers as well.
legendary
Activity: 1624
Merit: 2594
Top Crypto Casino
If Trezor allows you to change your email address, and if yours was pwned, changing that email address to a new one is helpful.
How is it going to be helpful? So that hackers will later know the email again and start sending phishing messages. The best is to unsubscribe from the newsletter. You can unsubscribe from the email messages. All what that you will do is to scroll down the email message and you will see unsubscribe, click on it and do not receive email from the again. They are careless with people's email.

The only way this can be helpful is that you will then know that any emails that continue to arrive at the old address, and present themselves as if they are from Trezor, are potential phishing scams. On the other hand, you will still be able to receive new official announcements to your new address. Of course, this will also potentially expose your new address to a future leak, should there be any.
hero member
Activity: 1120
Merit: 887
Livecasino.io
One of my friends who works in IT sometime ago told me that email is essentially more dangerous than it is useful. And with all the phishing scams that has been perpetrated via emails, I couldn't agree more. If my memory serves me correctly, I know that there has been Binance, Coinbase, and now Trezor phishing scam via emails.

Glad that Thymos may have thought about this and didn't make the use of email to register on the forum mandatory.

Reading a sample of the email sent to Trezor users  in the OP, we can perceive the sense of urgency and those who may have fallen victims to it happened because they first freaked out and at that point, they lost focus as well as their ability to spot the warning signs.

These are indeed old tricks that people should be aware of but are not. I think that these companies should do more in educating their customers on how to identify phishing emails. It is more cost effective than fixing the problem when it has already happened.
hero member
Activity: 938
Merit: 605
Leading Crypto Sports Betting & Casino Platform
But so far I did not receive any email about this or upgrading the firmware and I will not believe it if it is not wrong, of course I will always be careful in this matter even though it comes seemingly from trezor email but should be more sure at X official or original website.

Yes the most important thing is don't give the seed phrase to anyone unless only you know.
Not just you mate even some other trezor users didn't receive the phishing message which could mean that the messages were sent randomly to the trezor users. From what I read on their official account on X they advise their users to delete the messages and we should stay vigilant for phishing attempts but one thing is that they didn't tell us how we are to stay stay vigilant so based on this, unsubscribing from their newsletter/email messages is the safer option right now, because from all what hàs happened it's obvious trezor can't guarantee absolutely security and privacy  of users data away from hackers/leak leading to phishing attack on users.

And for users we should be keen to taking steps to verify the genuineness of messages we receive if they are actually from the right source before doing whatever the message is requiring from us so that we don't out of laziness to verify from other sources fall victim to scam.

I think what trezor needs to do now to reassure users is to find out what led to this attack or leak and deal with the problem against repeating in the future. Just a warning isn't enough.
hero member
Activity: 868
Merit: 952
How is it going to be helpful? So that hackers will later know the email again and start sending phishing messages. The best is to unsubscribe from the newsletter. You can unsubscribe from the email messages. All what that you will do is to scroll down the email message and you will see unsubscribe, click on it and do not receive email from the again. They are careless with people's email.

Deactivating the newsletter will be ok but that won’t stop this kind of phishing attack because it doesn’t seems like some of these people actually gets this emails from the likes of Trezor it self because some others that received the mail aren’t even Trezor users and there are also other wallets too that are currently warning their users too about the attack, so this doesn’t seem like a Trezor issue only but definitely the newsletter deactivation will be ok but wouldn’t solve the problem.

I'm surprised at how little noise this is making when you compare it to the same situation Ledger experienced a few years ago. It's strange how different the media and the community as a whole reacted in both situation Ledger/Trezor, which are almost the same (a leak/hack of their customers database).


Its simple one has already gotten a very bad reputation already from the day they brought that recovery process which didn’t seemed welcomed at all to the community and after then they have been facing so many challenges of phishing attacks and as such whenever the company faces any again it causes uproar because many people have been warning against the use of it, so they quickly spread information to back up their claims. It’s nothing new Ledger is already at the center stage of this all and I don’t think they will ever get that reputation back ever again
legendary
Activity: 1064
Merit: 1298
Lightning network is good with small amount of BTC
If Trezor allows you to change your email address, and if yours was pwned, changing that email address to a new one is helpful.
How is it going to be helpful? So that hackers will later know the email again and start sending phishing messages. The best is to unsubscribe from the newsletter. You can unsubscribe from the email messages. All what that you will do is to scroll down the email message and you will see unsubscribe, click on it and do not receive email from the again. They are careless with people's email.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
Reading some comments here, it seems that the news stating that the breach only gained access to their support ticket database is wrong. Some users who got the phishing email aren't even Trezor users. They didn't contact Trezor support either.

Anyway, the key is to never reveal seed phrases to anybody, even if that person claims to be an official staff of Trezor, even if that is an official email or that is a communication coming from a verified social media account of Trezor.

There are already those who clicked on the phishing link. Lucky for them, the link itself is harmless. It's the form where the link leads to that is vital. It asks for the seed phrase.

That's right. Fraudsters send such letters even to those who are not at all connected to crypto. These email addresses were probably either purchased somewhere or hacked. Therefore, there is often talk about limiting the publication of your email wherever it is proposed to do so. At least secure your email addresses, which may be very important to you.
sr. member
Activity: 294
Merit: 433
HODL - BTC
I just found out today's news because I don't always monitor X trezor on a scale but this time I was surprised that there was a phishing attack that had been compromised.

But so far I did not receive any email about this or upgrading the firmware and I will not believe it if it is not wrong, of course I will always be careful in this matter even though it comes seemingly from trezor email but should be more sure at X official or original website.

Yes the most important thing is don't give the seed phrase to anyone unless only you know.
legendary
Activity: 2576
Merit: 1860
Reading some comments here, it seems that the news stating that the breach only gained access to their support ticket database is wrong. Some users who got the phishing email aren't even Trezor users. They didn't contact Trezor support either.

Anyway, the key is to never reveal seed phrases to anybody, even if that person claims to be an official staff of Trezor, even if that is an official email or that is a communication coming from a verified social media account of Trezor.

There are already those who clicked on the phishing link. Lucky for them, the link itself is harmless. It's the form where the link leads to that is vital. It asks for the seed phrase.
hero member
Activity: 504
Merit: 1065
Crypto Swap Exchange
I'm surprised at how little noise this is making when you compare it to the same situation Ledger experienced a few years ago. It's strange how different the media and the community as a whole reacted in both situation Ledger/Trezor, which are almost the same (a leak/hack of their customers database).

In any case, you have to be careful and not use your personal data when ordering a hardware wallet. I'm glad I didn't use my personal details when I ordered my Ledger back then, and my Trezor last year. 66,000 doxxed users is not nothing.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
Social media platforms like X is no longer to be trusted these days; even discord. X and Discord feels like the easiest to be compromised these days
I knew risk of social media and if we only rely on social media accounts for important information, it is wrong at the start. It's only time when nightmare will come with us.

You see, I recommended in my post that visit the official website is a first step, then social media. Or you can follow those services' social media accounts, just to get notifications. After that, you must verify those notification information by visiting official websites.

Quote
it takes just 1 link from a compromise account to screw a lot of users not to mention the influx of scammers on X that appears like the real thing or organization only to be scammers with phishing URLs. I almost feel for one yesterday even though I'm very security conscious. It's a miracle these days not to fall into any of these scams.
People only need to have basic knowledge to protect themselves from scammers. Sometimes they have knowledge but carelessness and greediness harm them.

Discord & scammers. Check user IDs and user colors of strangers send you PMs
legendary
Activity: 3472
Merit: 3507
Crypto Swap Exchange
I'm not sure who takes care of emails in the Trezor, but a similar thing happened with several other services, at least those who said so publicly, CoinTelegraph, WalletConnect, Token Terminal, and De.Fi.
It is a hack of the MailerLite service, an infected computer of an employee (who's trying to execute an infected software) with accesses to sensitive URLs within MailerLite and its third parties.

https://www.infostealers.com/article/mailerlite-hack-leads-to-massive-cryptocurrency-theft-an-exploit-or-an-infostealer-infection/
https://cointelegraph.com/news/how-it-all-went-down-web3-protocol-mass-phishing-campaign-timeline
hero member
Activity: 770
Merit: 538
Leading Crypto Sports Betting & Casino Platform
Last two weeks, similar emails were flying around for trust wallet users, and I don't think there was any news by the trust wallet developers to warn their customers of such a threat, or they probably were not aware of such phishing mail to their customers.

This is really a great update for those using Trezor wallets, and it really would prevent some people from falling victim. That was also how a thread was created last week regarding the phishing email that TrustWallet users are receiving.

Scammers are really upgrading their strategies all the time, and it is also necessary for us all to be alert. Don't respond to emails that you are not expecting; even if you have to, make sure that the information on the mail is accurate and coming from the right source.
member
Activity: 66
Merit: 5
Eloncoin.org - Mars, here we come!
I believe this emails from scammers was prompted by the information of users that was compromised on the 17th of this month which is the hack of Trazor third party.

@Learn bitcoin was right on what he said below. 
Even though they have regained access to their support center, the hacker still has a chance to use email spoofing and send emails to those Trezor users and try various hacking attempts like sending malware and asking them to download, or asking them to use new web portal which could be phishing and numerous more methods they may try. There are still a few percentage of people who might believe those emails and try those things.

Well it's good to let people know about this current situation, I'm not a trazor user but I'm always concern in knowing all this kind of event because in less than no time I will purchasing a hardware wallet and will not want to face this kind of risk using them.
hero member
Activity: 2212
Merit: 805
Top Crypto Casino
Don't trust all information you received through email. Because if something is big, it will be announced on the website, social media accounts like X, blog and emails.

We must check information in emails with other channels and see is the information in email matches with other sources. If not, it is like the email is a phishing one.

Because you receive the email, you can check your email address with https://haveibeenpwned.com/

If Trezor allows you to change your email address, and if yours was pwned, changing that email address to a new one is helpful.

Social media platforms like X is no longer to be trusted these days; even discord. X and Discord feels like the easiest to be compromised these days and it takes just 1 link from a compromise account to screw a lot of users not to mention the influx of scammers on X that appears like the real thing or organization only to be scammers with phishing URLs. I almost feel for one yesterday even though I'm very security conscious. It's a miracle these days not to fall into any of these scams.

The best thing is always to understand context: For instance, why would a hardware wallet provider send updates over an email or X post? Scammers getting very smart, we have to get 2x smarter to stay ahead  Smiley
jr. member
Activity: 34
Merit: 4
There is no doubt this is troubling time because I also received an email, but good thing happen I not click on this and deleted because through social media I already have few warnings from my social media friends about this all now reading here mean things are not going well sometime back I already lost my skrill account because I have done one mistake and click on one suspicious link which create problems for me and I also lost my $5000 in this account which is now not refundable as skrill blocked my account.

I really appreciate we have this problem here and now many can check emails before clicking links which are creating problems and members are losing their hard-earned money quickly.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
Don't trust all information you received through email. Because if something is big, it will be announced on the website, social media accounts like X, blog and emails.

We must check information in emails with other channels and see is the information in email matches with other sources. If not, it is like the email is a phishing one.

Because you receive the email, you can check your email address with https://haveibeenpwned.com/

If Trezor allows you to change your email address, and if yours was pwned, changing that email address to a new one is helpful.
hero member
Activity: 952
Merit: 555
The best to do as at now is to ensure we make an accurate verification on mails received in claim of the target they have at hand, it could be any other wallet, exchange or platform that could be attacked through their physhing mails, the more reason why we keep emphasizing in that we shouldn't click on any unsolicited link, especially the ones not coming from the official paltforms
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
I got the email 4 hours ago:




I easily knew it was fake from the URL link:



I looked for recent Trezor update but I did not see anything like that. Although, I was not expecting it because I knew it was fake from the link.

I am not a Trezor user but I subscribed with an email to their newsletter or something in the past that caused it. This is how this company easily leaking customers email to scammers.

Although, the site was not working when I clicked on it but it is very important for people to avoid the link and not click on it at all.
hero member
Activity: 1876
Merit: 721
Top Crypto Casino
Trezor users are also receiving fake emails, Trezor has already tweeted about this and asked all users to stay safe. These activities of scammers have increased in recent times and they are trying to trap Trezor users. Trezor officials have not released any information on whether the scammers were successful in this attempt. So be safe, now if you get any wallet related email you should verify the official information before clicking on any link.

Source : https://twitter.com/Trezor/status/1750223673506558146

Jump to: