Cryptocurrency hardware wallet provider Trezor is investigating a recent phishing campaign after users reported receiving phishing emails.
Anonymous blockchain detective ZachXBT posted on his Telegram channel on October 26 alarm Users suffered a phishing attack targeting Trezor customers.
ZackXBT Mentioned A post from the account JHDN (formerly Twitter) claimed that Trezor may have been compromised after receiving a phishing email on an email account dedicated to purchasing the wallet.
Similar to some past Trezor-related phishing attacks, the phishing email invites users to download “the latest firmware update” to the user’s Trezor device to “fix software issues.” According to the poster, the malicious email was sent from the email amministrazione@sideagroup.com.
Looks like Trezor may have been compromised? @safe @zachxbt #safe pic.twitter.com/4lmjZE1Quk
— j (@JHDN) October 26, 2023
“Be careful, this person just received a phishing email from an email address associated with the Trezor they purchased,” ZachXBT wrote. He added that social media reports could indicate the existence of Trezor or Evri, the British courier company that ships Trezor. Potential data leakage issues. equipment.
ZackXBT mention Two other people on Reddit complain Received the same Trezor phishing email today.
Trezor brand ambassador Josef Tetek said the company is aware of the ongoing phishing campaign and is actively investigating.
“We continually report fake websites, contact domain registrars, and educate and warn customers about known risks,” Tetek said, referring to multiple articles designed to help users deal with phishing attacks.An article like this explain Phishing emails often redirect to download an application like Trezor Suite, which asks the user to connect a wallet and enter a seed.
related: Scammers create Blockworks clone website to drain crypto wallets
“As soon as you enter the seed into the application, the seed is compromised and your funds are immediately transferred to the attacker’s wallet,” the page reads.
Tetek stressed that Trezor never asks for a recovery seed, PIN or password, adding:
“Users should never enter recovery seeds directly into any website, mobile application or into their computer. The only safe way to use a recovery seed is to follow the instructions displayed on the connected Trezor hardware wallet.”
Despite many efforts to curb such scams, cryptocurrency investors continue to suffer from numerous phishing attacks. In September, a large cryptocurrency investor reportedly fell victim to a massive phishing campaign and lost $24 million worth of crypto assets. According to some cybersecurity reports, the number of cryptocurrency phishing attacks increased by 40% in 2022.
Additional reporting by Cointelegraph author Felix Ng.
Magazine: How to Protect Your Cryptocurrency in Volatile Markets – Bitcoin OGs and Experts Engage
Svlook