Trezor Warns of Unauthorized Email Impersonating Trezor Sent via Its Third-Party Email Provider
"The unauthorized email impersonating Trezor using our domain addressed subscribers to our newsletter. No other data were compromised. We immediately restricted access to all unauthorized actors and are now contacting all affected users," Trezor said.
"We've detected an unauthorized email impersonating Trezor sent from a third-party email provider we use," said Trezor on X.
"If you received a suspicious email with the subject line 'Assets undergoing upgrade' from the ID: firstname.lastname@example.org, please do not click any links or provide any info within."
UPDATE: "We swiftly managed to deactivate the malicious link within the email text immediately and limited the reach of the threat!"
"If you have not disclosed your 12 or 24-word recovery seed through any online form, your assets remain secure. If you have entered your recovery seed in any form, particularly one that was sent via email, it is crucial to transfer your funds to a new wallet immediately," added the company.
This is not the first time scammers target email service providers used by crypto firms this week as digital marketing platform Mailer Lite was the victim of a phishing attack that resulted in the loss of over $600,000.
"An exploiter abused a vulnerability in a digital marketing platform to mimic seemingly legitimate emails that actually included links to wallet drainer sites," reported The Block.
The attack targeted subscribers of CoinTelegraph, WalletConnect, Token Terminal and De.Fi.