Trezor warns Phishing campaign through technical support mails

The company warns users about phishing attempts through mails that pretend to be technical support. The team of Trezor He said there was no mail filtration, but invites people to be attentive and not fall into this type of fraud.

***

• Users of Trezor They received emails that simulate being legitimate support communications.
  
• The company confirmed that its system was not violated, but abused the contact form.
  
• Similar attacks have previously affected Ledger, Metamask and Trust Wallet.

Trezor, One of the most recognized hardware wallets for cryptocurrency, issued a security alert today after detecting a Phishing attempt that took advantage of its contact form to deceive users.

As explained by the company in its official X account, the attackers used the online support form of Trezor to contact the technical service in the name of user email addresses. This generated apparently legitimate automatic responses from the company, which contained fraudulent links or messages.

“These emails seem authentic but they are phishing attempts,” The company warned. “Remember: never share the support of your portfolio. This must always be maintained private and out of line. Trezor will never request your safety support.”

How did the attack work?

The attacker’s method took advantage of a vulnerability present in one of the company’s official channels: the customer support form. When entering real users of previously compromised users – presumably extracted from previous leaks – the system of Trezor He automatically responded with a message that appeared to be direct and verified communication from his support team.

This type of impersonation raises the level of sophistication, since it uses legitimate infrastructure to facilitate deception, making users more difficult for users to identify that it is a scam.

Trezor said the situation was already contained. “Our contact form remains safe,” The company indicated. He also emphasized that there was no internal filtration of emails.

From the company they pointed out that they are “Actively investigating new ways to avoid this type of abuse in the future.” They reaffirmed that security is a continuous process, which requires both technological innovation and the active surveillance of users.

The company recommended to its clients that They never interact with bonds sent by email that apparently be updates or backup requests, and that any questions must be verified directly through their official site.

This incident emphasizes again the importance of continuous education in digital security for all participants of the crypto ecosystem.

A pattern of similar attacks

This is not the first case in which Trezor Face problems related to emails. In March 2022, a violation of the Newsletters supplier Mailchimp It resulted in the sending of malicious emails to users, who urged them to download an infected file disguised as an official update of the company.

Other companies in the sector have also been the target of similar attacks. Ledger, direct competitor of Trezor, He suffered an important data filtration in 2020 that presented emails from his clients, generating a wave of phishing attacks still in force.

Also Metamk, Trust Wallet and other actors in the crypto world have been victims of impersonation schemes through false support channels, social networks and emails that mimic legitimate identities.

The recurrence of these attacks highlights a persistent vulnerability in digital communication channels, particularly when they intersect with filtered information in previous incidents.

Article written by a content editor. Edited by Angel Di Matteo / Diariobitcoin

Original image of Unspash

WARNING: Diariobitcoin offers informative and educational content on various topics, including cryptocurrencies, AI, technology and regulations. We do not provide financial advice. Cryptactive investments are high risk and may not be adequate for all. Investigate, consult an expert and verify the applicable legislation before investing. I could lose all its capital.

Subscribe to our newsletter