pull down to refresh

Trezor’s support phishing attackswww.bleepingcomputer.com/news/security/trezors-support-platform-abused-in-crypto-theft-phishing-attacks/
528 sats \ 5 comments \ @Scoresby 16h privacy
The company's support site allows anyone to open a ticket using any email address and subject line. The system then replies automatically, sending a case number and using the submitted ticket title as the email subject.
Attackers abuse this feature by submitting tickets with titles containing urgent phishing messages, such as "[URGENT]: vault.trezor.guide - Create a Trezor Vault now in order to secure assets who may potentially be at risk."
Since the reply comes from the legitimate help@trezor.io address, it appears authentic to recipients but contains an email subject with a fake alert that links to a phishing site.
This is what makes me so nervous about hardware wallets in general (seedsigner and krux excepted): you are on a list.
write
preview
related posts
102 sats \ 2 replies \ @WeAreAllSatoshi 15h
It contains the link in the subject line? Is that even launchable in most browsers?
But still, not great
reply
50 sats \ 1 reply \ @Scoresby OP 15h
Perhaps the person who is willing to believe it is willing to copy paste?
reply
0 sats \ 0 replies \ @WeAreAllSatoshi 15h
That’s definitely believable. They gotta lock this shit down
reply
0 sats \ 0 replies \ @022fbc9cef 2h
Curious if they managed to automate this and how, or if some scammer had to do this by hand (create each ticket)?
reply
0 sats \ 0 replies \ @025738dda8 5h
I doubt you are on the list in this case unless asking for explicit support. And in that case, please correct me, only your email is on the list.
reply