Since February 27, as part of the next phishing campaign, attackers send fake notifications by SMS or email about the safety problems of their account with the Trezor cryptocurrency wallet. Specifically, cybercriminals mention a certain “data leak”, and the user needs to perform some actions to “restore security”.
Trezor sms-fining with reference to a fake site
Trezor is a hardware cryptocurrency wallet in which users can store their cryptocurrency in autonomous mode, and not in the cloud. The use of a hardware wallet, such as Trezor, provides additional protection of crypto assets from malicious programs and other fraud methods.
Notifications that come to customers of the cryptocurular as part of a malicious campaign, as a rule, are supplemented by a link leading to the Trezor fake site created by attackers. There, victims are invited to introduce a secret phrase from their wallet, consisting of 12 or 24 words. This phrase can be used to restore the cryptocurrent in case of theft, loss or malfunction of the device. The attackers are asked to introduce a phrase in order to “protect the account.” Of course, if the user introduces this secret phrase on the phishing site, his wallet with all the cryptocurrency “automatically” goes into the possession of scammers.
Trezor fake site created by attackers
Trezor already knows about the phishing campaign and warns its users so that they beware of phishing SMS and emails warning about the “Data leak”. The company also, just in case, checked its systems and claims that there was no data leak in principle. The entire scam was completely invented by scammers from scratch, but, oddly enough, the method works because many users have already lost their savings.
“beware of phishing fraud! Attackers are associated with victims by phone, SMS or email to report that safety or suspicious activity has occurred in their Trezor account. Please ignore these messages because they are not from Trezor,” – reported Trezor in their Twitter account.
Although it is not known for certain how the attackers learned who exactly to send such letters in order to accurately get to Trezor customers, the cybersecurity specialists have suspicion. They believe that scammers use a marketing list stolen to halog Mailchimp in March 2022. Then Mailchimp reported that hackers stole 102 clients, most of whom work in cryptocurrency and financial sectors.