Trezor has confirmed a series of deceptive phishing emails targeting its users, coming just days after a security breach at their support portal. The company has issued an urgent security alert, advising users to be extra cautious.
Trezor Alerts Users to Phishing Danger Amidst Ongoing Security Challenges
Hardware wallet provider Trezor has issued an urgent security alert to its users about a new wave of phishing emails. This alert comes just days after a breach was reported at their third-party support portal.
On Jan. 24 Trezor confirmed the unauthorized use of its third-party email service provider, leading to a series of deceptive emails targeting its user base. According to Trezor’s official blog, the emails, appearing to be sent from “noreply@trezor.io,” falsely prompted users to upgrade their network, threatening the loss of funds if not complied with. The email contained a malicious link designed to extract users’ seed phrases.
Security Alert
We’ve detected an unauthorized email impersonating Trezor sent from a third-party email provider we use.
If you received a suspicious email with the subject line ‘Assets undergoing upgrade’ from the ID: noreply@trezor.io, please do not click any links or… pic.twitter.com/RqQnQkB4hX
— Trezor (@Trezor) January 24, 2024
While Trezor has swiftly acted to deactivate the link and reassured users that funds remain secure if the seed phrase wasn’t disclosed, they advise those who entered their recovery seed as directed by the phishing email to transfer their assets to a new wallet immediately.
The latest phishing attempt follows a similar pattern to an earlier security breach on Jan. 17, which exposed the contact information of nearly 66,000 Trezor users. Trezor has stated that no data other than email addresses was compromised in the recent phishing attack and has taken immediate action to restrict unauthorized access.
Trezor’s response to these incidents has been swift and transparent. The company’s blog offers detailed information on the timeline of events, important actions for users, and proactive security measures to be taken.
Have you been affected by any of these recent security problems? Share your thoughts and opinions about this subject in the comments section below.