Trezor Phishing Attack Breached Support Desk Emails
Earlier today, Trezor warned users of a phishing scam coming from its own help line. An HTML exploit allowed criminals to edit Trezor’s support emails to include phony warnings and links to compromised vaults.
It’s currently unclear if anyone actually fell for this scam, but that may be a small silver lining. This attack could have been carried out using data from previous breaches, making its culprits hard to trace.
Scammers are Targeting Hardware Wallet Users
Trezor, a leading hardware wallet brand, has been targeted in several hacks, exploits, and breaches over the last few years. The crypto industry is facing a wave of attacks right now, and it looks like the wallet is under threat yet again.
Earlier today, Trezor warned its customers of a possible phishing scam coming in the form of support emails:
The phishing attack on Trezor’s customers was rather elegant. The company’s own communications didn’t give much information on the specifics, only claiming that “there was no email breach” and that the situation was under control.
However, cyber intelligence watchdogs identified a potential threat yesterday, and Trezor treated this as the culprit.
Hackers advertised a breach in Trezor’s security over the dark web, forwarding the technical specifics to whoever would pay $10,000. This breach involved using an HTML string to edit emails sent from Trezor’s support desk.
Nefarious individuals could request “assistance” from this email, filling in a potential victim’s contact information instead of their own.
The request would then contain the HTML code, modifying Trezor’s automatic responses to include a phishing attempt. The modified email would go out to users, seemingly from a legitimate source.
From the user’s perspective, Trezor’s own help desk would send an email unexpectedly. The body of Trezor’s email would discuss a fake “support request,” while the subject would contain a phishing attempt.
This decidedly Web2 scam effort could thereby lure hardware wallet customers into losing everything.
Last year, Trezor warned its customers that 66,000 users who contacted its support line may have been compromised. In other words, these people’s contact info might be available for purchase on seedier websites.
A hacker would need to buy Trezor user data and the HTML code to exploit the support emails, and this could enable wide-scale phishing.
In other words, there aren’t any apparent leads on this phishing perpetrator because they didn’t breach Trezor themselves. Other hackers stole the user data and found the HTML breach, both of which were up for sale.
Hopefully, investigators will be able to trace these phony support requests, but it’s unclear if this will work.
Over the past few months, low-skill social engineering scams have proven successful in penetrating crypto security. Trezor’s hardware wallets are very secure, but a phishing attack could lure users into bypassing protections.
In this environment, everyone needs to remain alert to prevent fraud.
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
