Phishing for crypto wallet credentials.

Crypto hardware wallet provider Trezor has warned of a major phishing campaign that’s targeting its customers via phone calls, text messages, and emails.

Attackers attempt to steal wallet recovery seeds.

The messages inform recipients that Trezor has recently suffered a security breach, and instruct them to follow a link to secure their accounts. The link leads to a spoofed Trezor wallet seed recovery page.

Trezor says there’s no evidence that there’s been a real breach, and the company says it will never contact customers via phone calls or text messages.

It’s not clear how the attackers obtained Trezor’s customer contact information, but BleepingComputer points out that a similar phishing campaign targeted the company’s customers after attackers stole marketing lists from MailChimp in March 2022.

Industry comments.

Dror Liwer, co-founder of cybersecurity company Coro, provided the following comments:

“This is a great example of a company taking proactive measures once an attack campaign is discovered. Not all companies are as informed about attacks against their customers. Most phishing protections are designed to eliminate incoming phishing attacks against employees. When an attacker starts a phishing campaign against customers – companies mostly rely on customer feedback which is normally sporadic and delayed. Having fake, honey pot customer accounts as part of the defense strategy can shorten the time to discovery.”

Max Gannon, Senior Intelligence Analyst at Cofense, noted that Cofense observed this phishing campaign:

“On Feb 27, Cofense Intelligence observed a similar Trezor-spoofing campaign targeting recipients in the financial industry. The emails Cofense detected spoofing Trezor from the same time period used a different theme more focused on an error with the service rather than a breach. The credential phishing pages were no less complex. It is possible that the emails observed by Cofense were similarly targeted as the ones in the article, however it is just as likely that threat actors saw an opportunity to profit and took it. Email phishing campaigns coordinated with SMS are nothing new, however they are certainly something to watch and are likely more of a threat than either type of campaign alone.”