Today, Trezor warned users about phishing scams that have emerged from their own helpline. The HTML exploit allowed criminals to edit Trezor’s support email to include fake warnings and links to compromised vaults.
It is currently unknown if anyone fell into this scam, but it could be a small silver lining. This attack may have been carried out using data from previous violations, making it difficult to track down the perpetrators.
Scammers are targeting hardware wallet users
Trezor, a leading hardware wallet brand, has targeted several hacks, exploits and violations over the past few years. The crypto industry is currently facing a wave of attack, and its wallets appear to be threatened once again.
Today, Trezor warned its customers about phishing scams that could come in the form of support emails.
The phishing attacks on Trezor’s customers were pretty elegant. The company’s own communications do not provide much information about the details and simply claims that the situation is under control, saying “there were no email violations.”
However, Cyber ​​Intelligence Watchdog identified a potential threat yesterday, and Trezor treated it as the perpetrator.
The hackers promoted a violation of Trezor’s security against Dark Web and forwarded technical details to those paying $10,000. This violation was done by editing an email sent from Trezor’s support desk using HTML strings.
Malicious individuals can request “support” through this email and fill in the contact information of potential victims, rather than theirs.
The request will then contain HTML code and modify the Trezor auto attendant to include phishing attempts. Modified emails will be sent to users who appear to be from legitimate sources.
From a user’s perspective, Trezor’s own help desk sends an unexpected email. The body of Trezor’s email discusses fake “support requests,” but subjects include phishing attempts.
This will lead to hardware wallet customers losing everything due to this Web2 scam effort.
Last year, Trezor warned customers that 66,000 users who contacted the support line may have compromised. In other words, contact information for these people may be available to purchase on shady websites.
Hackers should purchase Trezor user data and HTML code to take advantage of the support email. This allows for a wide range of phishing.
In other words, there is no clear lead for this phishing perpetrator, as he did not infringe Trezor himself. Other hackers stole user data and discovered HTML violations. Both are for sale.
Hopefully, investigators will be able to track these fake support requests, but it is unclear if this will work.
Over the past few months, low-skilled social engineering scams have proven successful in penetrating crypto security. Trezor’s hardware wallet is extremely secure, but phishing attacks will force users to bypass protection.
In this environment, everyone needs to be vigilant to prevent fraud.
Disclaimer
In compliance with Trust Project guidelines, Beincrypto is committed to reporting without bias and transparent. This news article is intended to provide accurate and timely information. However, we recommend that readers independently verify the facts and consult with experts before making decisions based on this content. Please note that our terms and conditions, privacy policy and disclaimer have been updated.
