"Major Phishing Campaign Targets Trezor Crypto Wallets"

Cryptocurrency hardware firm Trezor has recently acknowledged an ongoing multi-channel phishing campaign designed to trick customers into granting access to their wallets.  According to the firm, the attackers contact the victims via phone call, SMS, and/or email to say there’s been a security breach or suspicious activity on their Trezor account.  The firm noted that they have not found any evidence of a recent database breach and said that they will never contact you via calls or SMS.  Trezor provides hardware-based wallets for users to store their cryptocurrency.  Although this is nominally a more secure method than software-based wallets, if users are tricked into handing over their “recovery seed,” it could give scammers access to their funds.  The 12 or 24 character password is intended to help users who have a lost, stolen, or malfunctioning device to restore their wallet on another device.  This isn’t the first time Trezor users have been targeted by adversaries.  Last April, a highly convincing phishing campaign was sent out to users after their contact details were lifted from a newsletter mailing list hosted by MailChimp. 

Infosecurity reports: "Major Phishing Campaign Targets Trezor Crypto Wallets"