Phishing? - Email received claiming Trezor Firmware Update Required

Security Scams and phishing
1

Just received an email from the address Trezor [email protected] reading

"Firmware Update
We want to notify you about a critical issue related to your Trezor device. During our routine quality checks, we identified a problem in one of our recent firmware updates. Our team has taken swift action to address this situation, and a new, secure firmware update is now available.

For the safety of your assets, we strongly recommend that you update your Trezor device to the latest firmware as soon as possible. Please avoid conducting any transactions until your device has been updated. Safeguarding the security of your funds is our top priority, and this update will ensure that your assets remain protected and unaffected."

The email contains a clickable link to update.

It goes with out saying I have not clicked this link

Screenshot 2023-11-01 at 20.24.12
Screenshot 2023-11-01 at 20.24.123128Ă—1540 419 KB

Screenshot 2023-11-01 at 20.30.07
Screenshot 2023-11-01 at 20.30.073448Ă—1782 451 KB

Screenshot 2023-11-01 at 20.30.23
Screenshot 2023-11-01 at 20.30.231920Ă—1067 70.3 KB

1 Like
2

Here is the linked address, broken to prevent clicking, “visit firmware update” from the 2nd screen shot for context

http:// uobretailcreditmanagement.javelin.web.id/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZ0cmV6d2V6eGIuczMudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20lMkZUcmV6V2V6RGlyTC5odG1s&sig=vTe8GfygU3NAT9zKV7UyBkQy9B1ghRLUybFUhMQeBdT&iat=1698869228&a=%7C%7C650692445%7C%7C&account=uobretailcreditmanagement%2Eactivehosted%2Ecom&email=MLLo2zoU6efXLcLxQnyW%2FdLLS4AnlZOL8gd4%2Fv0z2vvDRQZL%2BU3d9k90YfJ%2BLmA%3D%3A%2BeWYBZb%2BY2ZmB9m93PExuNXYLtAASMg3&s=756af6f005af0f8803fda1a996ef7bd3&i=663A1777A559A1414

1 Like
3

Hi @formac,

thank you for pointing this out and for your cautious approach. We are aware of the recent phishing campaign, and we are actively looking into it.

I can confirm that the email you received is a phishing email. These emails usually contain links to phishing websites or fake phishing apps. These are designed to lure users into entering their recovery seed. Once scammers have the recovery seed, they can access and drain the user’s funds.

Phishing emails are usually sent from fake domains such as “trezor.us” or “trezornews.io” (a[email protected] in your case). Our official domain is “trezor.io.” Before clicking any links in an email, it’s important to verify the sender’s address to ensure the email’s authenticity.

More information in our Trezor Blog and Knowledge Base:

https://blog.trezor.io/phishing-attacks-used-to-steal-your-coins-recommended-reading-a39c0679c55d
https://blog.trezor.io/recognize-and-avoid-phishing-ef0948698aec

It is essential to understand that you should never reveal your recovery seed, as it is the backup of all your private keys. If your device is stolen, lost, or damaged, you can always use your recovery seed to recover your wallet on another device. This is the reason why recovery seed is so important and it should never be stored online or typed anywhere. Please, find more information about the importance of the recovery seed in this article: https://trezor.io/learn/a/how-to-use-a-recovery-seed
and in this blog post: Learn about: Recovery seed. The recovery seed is one of the… | by SatoshiLabs | Trezor Blog

Thank you for sharing the link from the phishing email, it has been reported!

1 Like