🚨 Sicherheitswarnung 🚨 Wir haben eine unbefugte E-Mail entdeckt, die sich als Trezor ausgibt

[root_s2yse8vt]

Up

0

Down

::

🚨 Sicherheitswarnung 🚨Wir haben eine nicht autorisierte E-Mail entdeckt, die sich als Trezor ausgibt und von einem von uns genutzten E-Mail-Anbieter versandt wurde.Wenn Sie eine verdächtige E-Mail mit der Betreffzeile “Assets undergoing upgrade” erhalten haben, klicken Sie bitte nicht auf Links und geben Sie keine Informationen an. Wir bitten Sie, diese E-Mail sofort zu löschen, denn Ihr Vertrauen hat für uns Priorität:

– Seien Sie versichert, dass Ihre Geldbörsen & Gelder sicher bleiben.

– Denken Sie daran, dass Sie NIEMALS Ihren Recovery-Seed preisgeben.

– Bleiben Sie wachsam gegenüber Phishing-Versuchen und entschuldigen Sie sich für die entstandenen Sorgen. Wir kümmern uns aktiv um die Situation & werden Updates bereitstellen

https://preview.redd.it/mde98p297gec1.png?width=1678&format=png&auto=webp&s=13a476449b045e2928f0928dbadc71c224cca309

[Giusis]

Up

0

Down

::

That’s not just a scam/phishing email, they hacked the mailing list service (not owned by Trezor), because in my mail the link points to the legit .io official domain (update: the DNS entry has been removed so it doesn’t work anymore).

Explanation: that subdomain, although using the official domain, points to a different service, owned by a third party (mailing list). That sender is authorized to send emails in the behavior of the original domain, otherwise the ML won’t work, that’s why the phishing email passed the DMARC/DKIM checks, in fact it is “legit”. They disable the DNS (controlled by Trezor), mitigating the risk of someone falling for it.

Although I’m curious to know what’s this third party service name (update: it looks like the platform involved is sendinblue/Brevo).

[meds888]

Up

0

Down

::

your email / customer contact signup to newsletters and accounts must be compromised. I have only just yesterday created an account with Trezor… with a totally new email account and registration.

[bleudefact]

Up

0

Down

::

Please consider the following suggestion:

Trezor (and other HW wallets) should make the following statement now and also include this with all new devices:

We will NEVER email anyone about upgrading or performing any Trezor/…… operations. You run the risk of losing all your assets if you click on any email links you receive.

The only method we communicate about such critical operations is through the “Trezor Suite” / …”LedgerLive” …. app.

It’s getting bad out there and so many new to the space are losing money! Just take a look at all the air drop victims now. Every crypto yutube video has AI produced ads with phishing links….

[OwieMustDie]

Up

0

Down

::

Opened the link in my antivirus. Just took me to Google. Surprised I got this tho. I’ve never used their support.

[AutoModerator]

Up

0

Down

::

Please bear in mind that no one from the Trezor team would send you a private message first.
If you want to discuss a sensitive issue, we suggest contacting our Support team via the Troubleshooter: https://trezor.io/support/

**No one from the Trezor team (Reddit mods, Support agents, etc) would ever ask for your recovery seed!**
Beware of scams and phishings: https://blog.trezor.io/recognize-and-avoid-phishing-ef0948698aec

*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/TREZOR) if you have any questions or concerns.*

[hypercyanate]

Up

0

Down

::

Seriously, how hard can it be to send out a newsletter themselves?

Is this third party the same provider as the ticketing system?

[cfabio19]

Up

0

Down

::

Now the question is: how did they get Trezor customers email addresses in the first place? Someone got hacked.

[panicky11]

Up

0

Down

::

Could they not run their own mail server, and set DMARC to reject.

[muel0017]

Up

0

Down

::

Thanks for this I literally just got this exact email and was coming here to post if it’s legit or not, I was leaning towards not but the email is @trezor.io so I wasn’t sure

[Global-Weight-6118]

Up

0

Down

::

Expect to see more of this the year when BTC ETFs are priced in and the price of BTC moons

[HarrisonGreen]

Up

0

Down

::

“Failure to upgrade your networks could result to full funds loss”

Lol. Who falls for this? Bad English, bad grammar, bad understanding of crypto tech.

[RockySpaceship]

Up

0

Down

::

What do you recommend for those of us that clicked the link?

It led me to a “site cant be reached- DNS_PROBE_POSSIBLE” page

[Rambalamda]

Up

0

Down

::

So glad I didn’t get Trezor wallets

[_Phaxy]

Up

0

Down

::

New drivers will be also compromised, do not upgrade firmware.

[FewMagazine8182]

Up

0

Down

::

Trezor has been compromised.

[ceenessdark]

Up

0

Down

::

what if I already clicked the unsubscribe link at the bottom of the email?

[BlackBird11Fox]

Up

0

Down

::

i unfortunately clicked on the link .. anything i need to be aware of now?

[TravelGuyUSA]

Up

0

Down

::

I have never contacted customer support, so not sure how they got my email

[dmartinezz23]

Up

0

Down

::

Interesting enough, when I purchased my Trezor last month their address input form was displaying another users address, phone, email upon checkout via Google chrome…

[HeroicLife]

Up

0

Down

::

The root problem is that email is an oligopoly: the system relies on reputation to ensure deliverability. This means you can no longer run your own mail server and expect to reach customers. The email marketing providers are not built for high security applications

[coinCram]

Up

0

Down

::

Funny how this company doesn’t realize how easy they are making it for this to happen. Tradeoffs.

[Autor]

Beiträge