Trezor is alerting users about a phishing campaign that abuses its automated support system to send deceptive emails from its official platform.
The company's support site allows anyone to open a ticket using any email address and subject line. The system then replies automatically, sending a case number and using the submitted ticket title as the email subject.
Attackers abuse this feature by submitting tickets with titles containing urgent phishing messages, such as "[URGENT]: vault.trezor.guide - Create a Trezor Vault now in order to secure assets who may potentially be at risk."
Since the reply comes from the legitimate [email protected] address, it appears authentic to recipients but contains an email subject with a fake alert that links to a phishing site.
Message sent to Trezor users
Source: @geUKnDrVgzr6BfF | X
Users who were tricked into visiting the domain on their browsers were taken to a phishing page asking for their wallet seed.
Trezor is a hardware wallet, a small physical device used to securely store various forms of cryptocurrency. It is categorized as a "cold wallet," meaning it's offline and requires physical confirmation on the device to approve transactions.
However, the wallets set up on Trezor devices are secured by a so-called 'seed phrase,' which consists of 24 random words, serving as a very secure password that is essentially a master key to the user's assets.
Anyone with another user's seed phrase can restore a wallet on another device with full access to its assets.
... continue reading