Security News > 2022 > April > Sophisticated phishing attacks steal Trezor’s hardware wallets
Trezor recently published a warning against a new phishing campaign targeting its users.
Figure A. Once in possession of a list of email addresses belonging only to real Trezor customers, the attackers moved to the next step.
Figure B. As you can see, the email states that Trezor suffered from a severe security incident that might lead to cryptocurrency asset theft.
A trained eye might see a little dot under the "e" character from trezor : "ẹ". This technique of using special Unicode characters has been a tactic for years and is known as a Unicode domain phishing attack.
A careful user might also have noticed that the real website for Trezor Suite is actually suite.
As for the cryptocurrency hardware wallets from Trezor, the recovery phrase should never be typed in any software or website.
News URL
https://www.techrepublic.com/article/phishing-attacks-trezor-wallets/
Related news
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)