Trezor, a well-known manufacturer of cryptocurrency hardware wallets, has issued a security alert after detecting a phishing attempt that exploited its contact form to deceive users. The company confirmed that its system was not breached, but the attackers abused the contact form to send legitimate-looking emails to users. These emails contained fraudulent links or messages, putting users’ security at risk.
The attackers used the contact form to generate automatic responses from Trezor’s system, making it seem like the emails were legitimate communications from the company’s support team. This type of phishing attack is particularly sophisticated, as it uses legitimate infrastructure to facilitate the deception, making it harder for users to identify the scam. Trezor assured users that the situation has been contained and that its contact form is still secure.
The company is actively investigating new ways to prevent this type of abuse in the future. This incident highlights the importance of continuous digital security education for all participants in the crypto ecosystem. Trezor recommended that its clients never interact with links sent via email that appear to be updates or requests for backup and that any doubts should be verified directly through the company’s official website.
This is not the first time Trezor has faced issues related to email phishing. In March 2022, a vulnerability in the company’s newsletter provider, Mailchimp, resulted in the sending of malicious emails to users, prompting them to download an infected file disguised as an official update. Other companies in the sector, such as Ledger, MetaMask, and Trust Wallet, have also been targeted by similar phishing attacks, which have used fake support channels, social media, and emails to impersonate legitimate identities.
The recurrence of these attacks exposes a persistent vulnerability in digital communication channels, particularly when combined with information leaked in previous incidents. As the crypto industry continues to evolve, it is essential for companies and users to prioritize security and remain vigilant against these types of threats. By staying informed and taking proactive steps to protect themselves, users can reduce the risk of falling victim to phishing attacks and ensure the security of their cryptocurrency assets.