The hardware wallet manufacturer Trezor is investigating a wave of phishing emails warning users about a “data breach”.
We are investigating a potential data breach of an opt-in newsletter hosted on MailChimp.
A scam email warning of a data breach is circulating. Do not open any email originating from [email protected], it is a phishing domain.
— Trezor (@Trezor) April 3, 2022
MailChimp database compromised
Via Twitter, Trezor confirmed that there is an ongoing phishing attack against their users. Apparently, the malicious emails are being sent to addresses that have signed up for the Trezor newsletter, which is hosted on MailChimp.
According to Trezor, MailChimp has confirmed that there was indeed a data breach, originating from “an insider targeting crypto companies”. Trezor added:
We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected.
Very sophisticated phishing attack
One user who received the phishing email points out how deceptively real it looks. Perfidiously, the email correctly states that Trezor’s email database has been leaked, but then attempts to trick readers into downloading a malicious update to the Trezor Suite desktop app. For this purpose, the attacker even launched a spoofed website (trezor.us); the genuine Trezor website is trezor.io.
Wow, @Trezor, this is the best phishing attempt I have seen in the last few years. I am really lucky I don't have Trezor, because if I had, I would probably actually download that update. pic.twitter.com/DaBN2Oix11
— Tomáš Kafka (@keff85) April 2, 2022
So far, Trezor has been able to take down the spoofed website, but it still warns users not to open any emails that appear to come from the company until further notice. Trezor will not communicate by newsletter until the situation is resolved.
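
The spoofed trezor.us differs from the genuine trezor.io only in its top-level domain, which a mail filter can check mechanically. The Python below is an added example, not code from Trezor or MailChimp: it extracts link hosts from an email body and flags any that carry the brand name without sitting under the trusted domain. The allowlist, the function names and the sample email are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: trezor.io, named in the article as genuine, is the only trusted domain.
TRUSTED_DOMAINS = {"trezor.io"}
# Brand labels derived from the trusted domains, here {"trezor"}.
BRAND_LABELS = {d.split(".")[0] for d in TRUSTED_DOMAINS}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def link_host(url):
    """Return the lower-cased host of a URL, ignoring any userinfo and port."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return ""

def classify_host(host):
    """'trusted', 'lookalike' (brand name on an untrusted domain) or 'other'."""
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    if any(brand in label for label in host.split(".") for brand in BRAND_LABELS):
        return "lookalike"
    return "other"

def scan_links(body):
    """Map every linked host in an email body to its verdict."""
    hosts = map(link_host, URL_RE.findall(body))
    return {h: classify_host(h) for h in hosts if h}

# Constructed sample body; only trezor.us and trezor.io come from the article.
SAMPLE_EMAIL = """\
We have experienced a security incident. Install the update:
https://trezor.us/update
Official site: https://trezor.io/
Mirror: https://trezor.io.example.net/suite
Unsubscribe: https://mail.example.org/unsub?id=1
"""

if __name__ == "__main__":
    for host, verdict in scan_links(SAMPLE_EMAIL).items():
        print(f"{verdict:9} {host}")
```

The match is on the host that the URL actually resolves to, so a trusted name placed in a subdomain prefix or in the userinfo part of a link does not count as trusted.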