What is a Phishing attack? Stay vigilant at all times

By SatoshiLabs, published in Trezor Blog, Feb 1, 2024

Phishing is a way that cyber attackers trick users into revealing sensitive information. Think of it like fishing, except that in the case of phishing, you’re the catch 😬. Specifically, your data, contact information, passwords, and, in the case of hardware wallets, recovery seeds.

Trezor users are often targeted with fake emails, websites, or phone calls that appear to be from Trezor. Attackers may ask users to enter their seed phrase, provide login credentials, or connect their device to a malicious website.

Just remember: under no circumstances will any Trezor representative ask for your recovery seed, whether over email, customer support, a website, or any other form of communication.

How Phishing works

Getting back to fishing. How does that work? You set a bait on a hook, cast your line, and wait for a fish to bite.

Phishing operates on a similar principle:

  • The Bait: The scam begins with a lure. This could be an email, DM over social media channels like Twitter or Telegram, or a website. These may mimic the style and branding of a legitimate company or service, complete with logos and official language.
  • The Hook: This bait contains a hook, which in most cases is a link that the target user is encouraged to click. The link will direct the user to a fake website or form where they’re asked to enter personal information. Think passwords, recovery seeds, and so on.
  • The Catch: If the target user takes the bait and enters their information, the phishing attempt is successful. The sensitive data is then used for fraudulent purposes. For example, if a recovery seed is stolen, the malicious actor can drain a wallet of its crypto holdings.
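
To make "The Hook" concrete, the following Python example (added here, not code from Trezor) checks where a link really leads by comparing its hostname with trezor.io, the domain of the support link given in this article. Treating trezor.io as the only official domain is an assumption, and every sample link except the support URL is constructed.

```python
from urllib.parse import urlsplit

# Assumption: the only official domain is the one in this article's support URL.
OFFICIAL_DOMAINS = {"trezor.io"}

def check_link(url):
    """Return (is_official, reason) for a link found in an email or DM."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "link cannot be parsed"
    if parts.scheme != "https":
        return False, "not an https link"
    # The hostname is what the browser connects to; normalize case and trailing dot.
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False, "no hostname"
    if parts.username is not None:
        # In https://brand@other.example/ the part before '@' is only a user name.
        return False, "text before '@' is not the site; real host is " + host
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        # Non-ASCII or punycode labels can render as lookalike letters.
        return False, "internationalized hostname, possible lookalike characters"
    for domain in OFFICIAL_DOMAINS:
        # Match the registered domain itself or a true subdomain of it.
        if host == domain or host.endswith("." + domain):
            return True, "host is " + host
    return False, "host " + host + " is not an official domain"

# Constructed sample links (only the first is taken from this article).
SAMPLES = [
    "https://trezor.io/support",
    "https://trezor.io.account-check.example/support",  # brand used as a subdomain
    "https://trezor.io@login.example/recover",          # brand used as a user name
    "https://tr\u0435zor.io/",                           # Cyrillic 'е' in place of 'e'
    "http://trezor.io/support",                         # unencrypted link
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link)
        print("OFFICIAL  " if ok else "SUSPICIOUS", ascii(link), "-", reason)
```

A passing check only tells you where a link leads. It never makes it safe to type a recovery seed into a website or form.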

Remember, the ultimate goal of a phishing attack is to convince users to reveal information that can be used to take over their accounts. In crypto, that’s usually your recovery seed. The good news is that phishing attacks can be avoided by being disciplined about the information you share, online and offline.

Stay vigilant

  • Do not enter your recovery seed anywhere except on your Trezor device during recovery.
  • Under no circumstances will any Trezor representative ask for your recovery seed, whether over email, customer support, a website, or any other form of communication.
  • Users who are uncertain about the proper behavior of their wallet are more than welcome to contact our support at https://trezor.io/support.
  • Never share your recovery seed with anyone. If you receive any communication that asks for your seed phrase, it’s likely a phishing attempt, and we ask that you contact our official support channel.

Here’s more on phishing attacks,


Innovating since we founded the industry in 2013 with production of the first crypto hardware wallet, the Trezor One. Open-source, secure, community-driven.