Phishing attacks continue and are now affecting Trezor customers. The physical wallet manufacturer has warned of the risks of a new attack that invites users to enter their private key on a fake website. We take a look at the situation together.
Trezor customers at risk
Physical wallet provider Trezor has warned its users about a new phishing attack. The attack aims to obtain victims’ private keys and steal their cryptocurrencies.
The threat was reported on Trezor’s Twitter account. The attack is surprisingly simple, but no less dangerous: users are directed to a fake website, similar to Trezor’s, where they are asked to enter their private key.
Beware of the active phishing scam!
The attackers contact the victims via phone call, SMS and/or email to say that there’s been a security breach or suspicious activity on their Trezor account.
➡️Please ignore these messages as they are not from Trezor. ⬅️
More info in pic.twitter.com/nzfSzfwcZ1
– Trezor (@Trezor) February 28, 2023
To lure their victims into this trap, scammers contact users directly by email, phone, or on social networks. The message is as follows, with a redirection to a fraudulent site:
Trezor Suite has recently suffered a security breach, making all your assets potentially vulnerable. Please follow the security procedure to secure your assets “
The firm has asked people to ignore these messages so as not to fall into this trap. The physical wallet maker also reiterated that it does not communicate with its customers via their phone numbers.
What remains a mystery at the moment is how the attackers obtained the personal data of Trezor’s customers. For the time being, the company says it has not detected any leakage of information from its user base.
A fake website
According to analysis reports from cybersecurity firms, the scam directs Trezor users to a fake website, which looks exactly like the physical wallet firm’s. Customers are asked to fill in their personal details and then to enter the information. Customers are asked to enter their recovery phrase, also known as the seed phrase or private key.
Remember that it is absolutely essential to keep your private key safe and not to disclose it to anyone, including the manufacturer of your wallet. Once it is in the hands of someone else, it means that the cryptocurrencies no longer belong to their original owner.
This is not the first such attack on Trezor. In 2022, users were already tricked into downloading a mobile application by a phishing strategy. This was obviously fraudulent and took cryptocurrencies from the victims.
Although as old as the Internet, phishing scams continue to plague the Web3 world. We recommend that you always check the reliability of the website you are browsing and never give your private keys to anyone.
