Another attempt of a phishing attack on Trezor wallet users
According to the latest post in Trezor’s blog, the support team discovered first signs of phishing when they started to receive reports about invalid SSL (security socket layer) certificate. After closer investigation, they found out that hackers created a fake Trezor wallet website and were attempting to steal its users' data.
Don't forget to get some defense for your tokens
Some users were conducted to the fake web page when they were trying to access the legitimate address. Then there was a warning popping up, where users were requested to restore their secret key phrase (recovery seed) and order number. The warning sentence contained grammar errors. Trezor One is writing on that matter:
“You should never enter your recovery seed on a computer, along with the order number. The order is always given to you by your Trezor device. Never by the computer.”
Some rules to follow to identify possible phishing
The fake wallet is now disabled by the hosting provider. After this phishing attempt, Trezor is asking its users to pay more attention and to be aware of the possible scam. In order to recognize the legitimate Trezor wallet, Trezor advices to take few things into account. First, it should be the original URL address: wallet.trezor.io. Second, one should watch for warnings from the browser regarding invalid certificates. Third, one should verify all operations on the Trezor device. Fourth, only the Trezor device and not the website may request the recovery seed.
The Trezor team further comments that they work intensively to find out the roots of the attack and to minimize the consequences for the Trezor users.