Widespread phishing campaign targets Trezor

BleepingComputer reports that hardware cryptocurrency wallet Trezor is being impersonated in an ongoing massive phishing campaign. Trezor customers have been sent email and SMS phishing messages indicating a data breach at Trezor beginning Feb. 27, with the messages urging them to secure their assets by visiting the linked domain which redirects to a fake Trezor site that would ask visitors to input their recovery seed. Attackers could then leverage the stolen recovery seed to facilitate asset transfers to another address. Trezor has already warned its users regarding the active phishing campaign. "We have not found any evidence of a recent database breach. We will never contact you via calls or SMS," said Trezor in a tweet. Trezor customers' email addresses and phone numbers may have been obtained by attackers through a MailChimp marketing list stolen last March, with MailChimp noting that most of the data exfiltrated were from the cryptocurrency and finance industries.