Security News > 2022 > April > Sophisticated phishing attacks steal Trezor’s hardware wallets

Trezor recently published a warning against a new phishing campaign targeting its users.
Figure A. Once in possession of a list of email addresses belonging only to real Trezor customers, the attackers moved to the next step.
Figure B. As you can see, the email states that Trezor suffered from a severe security incident that might lead to cryptocurrency asset theft.
A trained eye might see a little dot under the "e" character from trezor : "ẹ". This technique of using special Unicode characters has been a tactic for years and is known as a Unicode domain phishing attack.
A careful user might also have noticed that the real website for Trezor Suite is actually suite.
As for the cryptocurrency hardware wallets from Trezor, the recovery phrase should never be typed in any software or website.
News URL
https://www.techrepublic.com/article/phishing-attacks-trezor-wallets/
Related news
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- iOS devices face twice the phishing attacks of Android (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)