A recent report by web3 security firm Scam Sniffer estimates that phishing scams stole around $300 million worth of cryptocurrencies in 2023.
We cannot stress this enough. Staying vigilant against phishing attacks! If you’re clueless about what these are, here’s more.
While not exhaustive, here are five red flags that should immediately signal the potential for a phishing attack,
No Trezor representative will EVER seek your recovery seed, over email, customer support, website, or any form of communication. If you receive an email or message prompting you to provide/input your sensitive data, that’s a major red flag.
Always be suspicious of messages asking for sensitive information, even if they appear to be from a trusted source. A case in point is an incident from 24th January 2024, where an unauthorized email was sent out to our newsletter database impersonating Trezor. The email was sent from a third-party email service provider we use. The phishing email fraudulently prompted users to disclose their seed phrase via a malicious link.
Attackers often use fake emails, websites, DMs (over Twitter / Telegram), and phone calls to mimic legitimate companies. Be wary of any communication that comes from outside the official channels. Always double-check aspects including email, website addresses, and social media handles. Look out for subtle misspellings or domain changes that can be a sign of a phishing attempt.
Phishing scams frequently create a sense of urgency or use threats to prompt a quick response. For instance, an email claiming that your wallet is at risk and requires immediate action should be treated with skepticism.
Here’s a case in point,
Stay cautious of communication which includes phrases/words such as ‘Immediate Action Required’, ‘If you don’t take action within 24 hours’, ‘Final Warning’, and the like.
Note: Some phishing attempts try to trick you into believing that your Trezor device will be ‘deactivated’ or ‘blocked’. However, Trezor is not able to ‘block’ or ‘deactivate’ your device. Any request asking you to do so is fraudulent.
Any request that deviates from the standard security procedures should be treated as a red flag. Trezor devices, for example, will always require physical confirmation directly on the device for any critical operation.
Do not, for example, enter your recovery seed anywhere, unless in your Trezor device upon recovery.
If you’re asked to perform unusual actions not typically requested by Trezor or any other hardware wallet provider, it’s likely a scam.
Legitimate companies usually take great care to ensure their communications are free of spelling and grammar errors. If you notice mistakes in the message, it could be a sign that it’s a phishing attempt. Watch out for poor grammar, typos, or design inconsistencies in emails and websites. These discrepancies are often signs that something is not right.
Remember, the key to protecting yourself against phishing attacks is vigilance. When in doubt, reach out directly to our customer support through official channels to verify any suspicious activity. Your digital security is paramount, and staying alert to these red flags will help safeguard your assets.
Finally, to report a phishing message, simply type “I want to report phishing” to our ChatBot Hal (on the Trezor Learn / Support pages) and follow the instructions. Hal will guide you through the process of reporting the message and provide you with any additional information you may need. By reporting phishing attempts, you can help protect other Trezor users and prevent cyber attackers from stealing digital assets.