What is a phishing attack? Always be alert | Posted by SatoshiLabs | February 2024
Phishing is a way for cyber attackers to trick users into revealing sensitive information. Think of it like fishing. In case of phishing, you get caught 😬. Specifically, your data, contact information, passwords, and in the case of hardware wallets, a recovery seed.
Trezor users are often targeted by fake emails, websites, or phone calls that appear to come from Trezor. An attacker could ask the user to enter a seed phrase, provide login credentials, or connect the device to a malicious website.
Remember. Under no circumstances will Trezor representatives seek recovery seeds through email, customer support, website, or any other form of communication.
Back to fishing. How does it work? Hook the bait on the fishing hook, cast the fishing line, and wait for the fish to bite.
Phishing works on a similar principle.
- bait: Fraud begins with bait. This can be email, direct mail through social media channels such as Twitter, Telegram, websites, etc. It can mimic the style and branding of a legitimate company or service and even includes its logo and official language.
- hook: This bait contains a hook, in most cases a link that your target users are encouraged to click on. The link takes the user to a fake website or form that asks them to enter personal information. Think passwords, recovery seeds, etc.
- catch: The phishing attempt is successful if the target user takes the bait and enters his or her information. Sensitive data is then used for fraudulent purposes. For example, if your recovery seed is stolen, a malicious actor could deplete the cryptocurrency you hold in your wallet.
The ultimate goal of a phishing attack is to convince users to reveal information that can be used to take over their accounts. In cryptocurrency, this is usually a recovery seed. The good news is that you can avoid these situations by being disciplined about the information you share online and offline.
- When recovering, do not enter the recovery seed anywhere except on your Trezor device.
- Under no circumstances will Trezor representatives seek recovery seeds through email, customer support, website, or any form of communication.
- Users who are unsure about the correct operation of their wallet are encouraged to contact support at https://trezor.io/support.
- Do not share your recovery seeds with anyone. If you receive a communication asking for a seed phrase, it is most likely a phishing attempt, so please contact our official support channels.
Here’s more information about phishing attacks: