Weird e-mail from Trezor

Hey everyone,

I’ve received this e-mail today saying I need to update my Trezor firmware because of a security risk (pictures below), with a clickable link. When I clicked on it, it wanted me to connect my Trezor device, which I obviously didn’t do. Is this a phishing scam?

It’s almost certainly a scam. I got three of these emails in the last few days…

This is a crude PHISHING SCAM 🚫 ⛔ ☢️ ⚠️

<Message-ID: <[REDACTED]@geopod-ismtpd-12>>
Created at: [REDACTED] (Delivered after 1 second)
From: Trezor <noreply@lifebeyondlimits(.)com(.)au>
To: [REDACTED]
Subject: Security Incident Report
SPF: PASS with IP [REDACTED] (SendGrid relay)

ARC-Seal: i=1; a=rsa-sha256; t={TS}; cv=none;
d=google(.)com; s=arc-20240605;
b={ARC-SEAL-SIG}
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google(.)com; s=arc-20240605;
h=to:subject:message-id:mime-version:from:date
:content-transfer-encoding:dkim-signature:dkim-signature;
bh={BODY-HASH};
fh={FINGERPRINT-HASH};
b={ARC-MSG-SIG};
dara=google(.)com
ARC-Authentication-Results: i=1; mx.google(.)com;
dkim=pass header.i=@lifebeyondlimits(.)com(.)au header.s=s1 header.b={DKIM-B};
dkim=pass header.i=@sendgrid(.)info header.s=smtpapi header.b={DKIM2-B};
spf=pass (google(.)com: domain of {REDACTED}@emXXXX.example(.)tld designates {IP1} as permitted sender) smtp.mailfrom=“{REDACTED}@emXXXX.example(.)tld”;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=lifebeyondlimits(.)com(.)au
Return-Path: <{REDACTED}@emXXXX.example(.)tld>
Received: from {HOST1} ({HOST1}. [{IP1}])
by mx.google(.)com with ESMTPS id {ESMTPS-ID}
for <{REDACTED}@gmail(.)com>
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
{DATE1}
Received-SPF: pass (google(.)com: domain of {REDACTED}@emXXXX.example(.)tld designates {IP1} as permitted sender) client-ip={IP1};
Authentication-Results: mx.google(.)com;
dkim=pass header.i=@lifebeyondlimits(.)com(.)au header.s=s1 header.b={DKIM-B};
dkim=pass header.i=@sendgrid(.)info header.s=smtpapi header.b={DKIM2-B};
spf=pass (google(.)com: domain of {REDACTED}@emXXXX.example(.)tld designates {IP1} as permitted sender) smtp.mailfrom=“{REDACTED}@emXXXX.example(.)tld”;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=lifebeyondlimits(.)com(.)au
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifebeyondlimits(.)com(.)au;
h=content-transfer-encoding:content-type:date:from:mime-version:subject:to:cc:
content-type:date:feedback-id:from:subject:to;
s=s1; bh={BODY-HASH}; b={DKIM-B}
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid(.)info;
h=content-transfer-encoding:content-type:date:from:mime-version:subject:to:cc:
content-type:date:feedback-id:from:subject:to;
s=smtpapi; bh={BODY-HASH}; b={DKIM2-B}
Received: by {HOST2} with SMTP id {SMTP-ID} {DATE2}
Received: from {OPAQUE-ID} (unknown) by {HOST3} (SG) with HTTP id {HTTP-ID} {DATE3}
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=us-ascii
Date: {DATE3}
From: Trezor <noreply@lifebeyondlimits(.)com(.)au>
Mime-Version: 1.0
Message-ID: <{MSG-ID}@{HOST3}>
Subject: Security Incident Report
X-SG-EID: {SG-EID}
To: {REDACTED}
X-Entity-ID: {ENTITY-ID}
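
An added example (not part of any post in this thread) of how the headers above can be triaged: SPF, DKIM and DMARC all pass, but only for the sender's own domain, while the display name claims "Trezor". The sample input is constructed from the posted headers, and the allow-list entry `trezor.io` and all function names are assumptions of this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a subset of the headers posted above, placeholders and defanging kept.
SAMPLE = """\
From: Trezor <noreply@lifebeyondlimits(.)com(.)au>
Subject: Security Incident Report
Authentication-Results: mx.google(.)com;
 dkim=pass header.i=@lifebeyondlimits(.)com(.)au header.s=s1 header.b={DKIM-B};
 spf=pass smtp.mailfrom="{REDACTED}@emXXXX.example(.)tld";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=lifebeyondlimits(.)com(.)au

(body omitted)
"""

# Assumption: domains each brand legitimately sends from; maintain this list yourself.
BRAND_DOMAINS = {"trezor": {"trezor.io"}}

def in_domain(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def analyse(raw):
    msg = message_from_string(raw.replace("(.)", "."))  # re-fang for parsing only
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    # Only trust Authentication-Results stamped by your own receiving MX.
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    m = re.search(r"\bdmarc=(\w+)(?:\s*\(p=(\w+))?", auth, re.I)
    dmarc, policy = (m.group(1).lower(), (m.group(2) or "").lower()) if m else ("", "")
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not in_domain(from_domain, allowed):
            findings.append("display-name-impersonation")
            if dmarc == "pass":
                # A pass only says the mail is authentic for from_domain, not for the brand.
                findings.append("auth-pass-for-unrelated-domain")
    if policy == "none":
        findings.append("dmarc-policy-none")
    return {"from_domain": from_domain, "dmarc": dmarc, "policy": policy, "findings": findings}

if __name__ == "__main__":
    print(analyse(SAMPLE))
```
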

I am getting at least one a week and so any email from Trezor is likely to be ignored.

Trezor should do something about this. Have a common place customers could verify official notices or something.
