Trezor Crypto Wallet Warns Its Customers About Massive Phishing Campaign
Hackers use good old social engineering to steal users’ savings.
Since February 27, as part of another phishing campaign, attackers have been sending Trezor cryptocurrency wallet customers fake SMS and email notifications about problems with the security of their accounts. Specifically, the cybercriminals mention some kind of “data leak” and tell the user to take action to “restore security”.
Trezor SMS phishing with a link to a fake website
Trezor is a hardware cryptocurrency wallet that lets users store their cryptocurrency offline rather than in the cloud. Using a hardware wallet such as Trezor provides additional protection for crypto assets against malware and other fraudulent methods.
The notifications sent to wallet customers in this campaign usually include a link to a fake Trezor website created by the attackers. There, victims are asked to enter their wallet's secret phrase, which consists of 12 or 24 words. This phrase can be used to restore the crypto wallet if the device is stolen, lost or broken. The attackers ask the victim to enter the phrase to “secure your account”. Of course, if a user enters this secret phrase on a phishing site, the wallet and all the cryptocurrency in it “automatically” become the property of the scammers.
Fake Trezor website set up by hackers
Trezor is already aware of the phishing campaign and is warning its users to beware of phishing SMS messages and emails about “data leaks”. The company also checked its systems just in case and says that there was no data leak at all. The scammers invented the whole story from scratch, yet the method works: many users have already lost their savings.
Trezor representatives reported on their Twitter account: “Beware of phishing scams! Attackers contact victims via phone, SMS, or email to let them know that there has been a security breach or suspicious activity on their Trezor account. Please ignore these messages as they are not from Trezor.”
It is not known for certain how the attackers knew whom to target in order to reach Trezor customers so accurately, but cybersecurity specialists have a suspicion. They believe the scammers are using the marketing list stolen in the MailChimp hack in March 2022. At that time, MailChimp reported that hackers stole the data of 102 customers, most of whom work in the cryptocurrency and financial sectors.
Shortly after that marketing list was stolen, the attackers used it in the April attack on Trezor, in much the same way as a few days ago. In other words, scammers can reuse old data several times, even data leaked a year ago, and gullible users still often fall for such manipulation. Without a doubt, the hackers have already recouped their “penny” in the latest attack.
It is very important never to share the credentials for your crypto wallet with anyone, and even more so never to enter them on dubious sites. It is always worth checking the domain first to make sure that the site is real, because attackers can easily fake the official site and doing so does not require a lot of resources.
Also, when you receive a report of a leak, and not only in the cryptocurrency sphere, it makes sense to look up the company's official statement on the Internet right away. By the time customers are being notified, a public statement disclosing the incident will obviously already have been published.
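One way to automate the domain check described above, as an added example that is not part of the original article. It assumes `trezor.io` is the vendor's official domain (the article does not name it); the sample SMS text and the `.example` hostnames are constructed.

```python
import re
from urllib.parse import urlsplit

OFFICIAL = ("trezor.io",)   # assumption: official domain, not stated in the article
BRAND = "trezor"
# Constructed digit-for-letter substitutions often seen in lookalike hostnames.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# Constructed sample message modelled on the SMS described in the article.
SAMPLE_SMS = ("Trezor: data leak detected. Restore security at "
              "https://trezor.io.secure-check.example/start now. "
              "Official help: https://trezor.io/support")

def hostname(url):
    """Return the lowercase host of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'official', 'suspicious' or 'unrelated' for one link."""
    host = hostname(url)
    # Only an exact match or a true subdomain of the official domain passes.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    for label in host.split("."):
        if label.startswith("xn--") or not label.isascii():
            return "suspicious"          # IDN host outside the allowlist
        for part in label.split("-"):
            norm = part.translate(CONFUSABLES)
            if BRAND in norm or edit_distance(norm, BRAND) <= 1:
                return "suspicious"      # brand name used on a foreign domain
    return "unrelated"

def triage(message):
    """Classify every http(s) link found in a message body."""
    return {u: classify(u) for u in re.findall(r"https?://[^\s<>\"']+", message)}
```

The first link in the sample shows why a substring test is not enough: the official name appears in the hostname, but the domain that actually resolves belongs to someone else.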