I received a phishing email from “trezor”, but I'm not sure what the attack vector is.

    • #2684499
      root_s2yse8vt
      Administrator

      I'm sure this is some kind of phishing email. I'm not sure who leaked my email address, but that's a separate matter. The real question is what the attack vector is here. Is suite.trezor.io a legitimate website? Also, I know it's a phishing email because
      1. I don't own a Trezor
      2. The sender's email ID is from a fake Russian website.
      Do you have any idea what this scammer probably wants from me? I just want to make sure that nothing gets lost.

    • #2684500
      alwayswatchyoursix
      Guest

      Hilariously enough the URL is legit, it just dumps you at the page for downloading the app instead of Trezor’s usual homepage. But there’s absolutely no reason why Trezor would email you about logging in from somewhere other than where you are, because there is no username/password login at all to the website. Like, even if you wanted to, there isn’t an option to log in or to create a login.

      So yeah, as you already know, it’s a phishing email. The scammer is probably hoping you go to the link, can’t figure out what you’re supposed to do to secure your (non-existent) account, and will reply to the email. As for your email getting leaked, a lot of times these scammers just use bots and shotgun email lists stolen from elsewhere or just random emails. I wouldn’t worry too much about how they got the address. But sometimes they will include tracking pixels in the emails so they can follow up with other scams. So if you’re ever not 100% sure about an email before you open it, try to open it with images and any sort of scripting blocked, or download the raw message data and check the headers first.

    • #2684501
      simonmales
      Guest

      The URL in the mail is not clickable? Very odd.

      Because the normal trick is to hide the phishing link in HTML.

    • #2684502
      brianddk
      Guest

      When did it arrive?

      `suite.trezor.io/security` does hit a 302 redirect, but it's coming from CloudFront, which is likely Trezor’s anti-DDoS service. They could have added the redirect recently. But even if they didn’t, it likely would have just landed you on a 404 page.

      As with all phishing, the text may be misleading. To me, it looks like the `z` in `trezor.io` is slightly larger than in other parts of the message. It could be a Coptic Z or some other IDN attack. Or the text could just be an anchor tag to `all-your-coin-belong-to-us.ru`. You’d be amazed what some people fall for.

      Just never click a link. And if you are really inclined to, contact support or Reddit before you do (as you did).
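
The checks suggested in the replies above (compare a link's visible text with its real target, look for non-ASCII lookalike characters, spot remote images that can act as tracking pixels), shown as an added example that is not part of any post in this thread. The sample message, its addresses and its host names are constructed, and `host`, `LinkAudit` and `audit` are names chosen for this sketch.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message, not the email from the thread. &#x1D22; is a small-capital Z.
RAW = """\
From: Trezor Security <alerts@mailer.example>
Subject: New login detected
Content-Type: text/html; charset="utf-8"

<p>Secure it: <a href="https://all-your-coin.example/x">suite.trezor.io/security</a></p>
<p>Or visit <a href="https://login.example.net/">suite.tre&#x1D22;or.io</a></p>
<img src="https://track.example/p.gif?id=42" width="1" height="1">
"""

def host(url):  # host part of a URL or of bare "host/path" text; "" if unparsable
    try:
        return urlsplit(url if "://" in url else "//" + url).hostname or ""
    except ValueError:
        return ""

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, "", []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.href, self.text = a.get("href") or "", ""
        elif tag == "img" and (a.get("src") or "").lower().startswith(("http://", "https://", "//")):
            self.findings.append(("remote-image", a["src"]))  # fetched on open: possible tracking pixel
    def handle_data(self, data):
        if self.href is not None:
            self.text += data  # collect the visible text of the current link
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, target = self.text.strip(), host(self.href)
            if not (shown.isascii() and target.isascii()) or "xn--" in target:
                self.findings.append(("non-ascii-link", shown))  # possible IDN lookalike
            elif "." in host(shown) and " " not in shown and host(shown) != target:
                self.findings.append(("text-href-mismatch", f"{host(shown)} -> {target}"))
            self.href = None

def audit(raw):
    body = email.message_from_string(raw, policy=policy.default).get_body(preferencelist=("html",))
    parser = LinkAudit()
    parser.feed(body.get_content() if body is not None else "")
    return parser.findings
```

Because it works on the saved raw message, nothing in the email is rendered or fetched while it is being inspected.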
