Cryptocurrency hardware wallet provider Trezor says it is investigating a recent phishing campaign that targeted its users through their registered email addresses. The firm started the investigation after receiving several alerts from Trezor users on Twitter.
According to the alarms, unauthorized actors contacted several Trezor users posing as the company. The goal of these scammers is to mislead gullible investors and steal their crypto funds.
The Threat Actors Cloned Trezor’s Website
Some of the Trezor users received an email asking them to download applications from the “trezor.us” domain, which is a fake domain that clones the official Trezor domain name, ‘trezor.io.’
Initially, Trezor thought the affected email addresses belong to a list of users that subscribed for newsletters, hosted on Mailchimp, and American marketing service providers.
The security incident started when users of the Trezor hardware wallet started receiving bogus security incident emails that claim to be a data breach notification. The fake email alert informed users that Trezor experienced a security breach that affected 106,856 of its customers. The fake email also told the user that the wallet associated with their email address has been compromised as well.
Users Are Deceived Into Downloading Updates
The bogus data breach notification also noted that the company doesn’t know the extent of the breach. It further asked users to set up a new PIN on their hardware wallet by downloading the latest update.
However, when the user clicks on the downloaded link, it takes them to the fake website where the threat actors can carry out further damage to the user’s system.
The domain name of the first website uses Punycode characters, allowing the threat actors to impersonate the main Trezor domain using Cyrillic or accented characters.
Your capital is at risk.
- How to buy cryptocurrencies
- How to buy bitcoin
Powered by WPeMatico