Trezor’s support platform abused in crypto theft phishing attacks
Trezor is alerting users about a phishing campaign that abuses its automated support system to send deceptive emails from its official platform.
The company’s support site allows anyone to open a ticket using any email address and subject line. The system then replies automatically, sending a case number and using the submitted ticket title as the email subject.
Attackers abuse this feature by submitting tickets with titles containing urgent phishing messages, such as “[URGENT]: vault.trezor.guide – Create a Trezor Vault now in order to secure assets who may potentially be at risk.”
Since the reply comes from the legitimate [email protected] address, it appears authentic to recipients but contains an email subject with a fake…
