All articles

Scams and phishing

Never share your wallet backup (formerly recovery seed) with anyone! If you receive an email asking for your wallet backup, it is a phishing attempt. If you are worried that the security of your crypto may have been compromised, please contact us via our chatbot Hal as soon as possible.


Phishing and vishing are ways that cyber attackers trick users into revealing sensitive information. Trezor users are often targeted with fake emails, websites, or phone calls that appear to be from Trezor. Attackers may ask users to enter their wallet backup, provide login credentials, or connect their device to a malicious website.

Once attackers have access to private keys, they can transfer funds to their accounts, leaving victims with nothing. To avoid falling victim to these scams, always double-check the authenticity of any communication or website and keep software and firmware up to date.

Here are some additional details and examples to help you identify phishing scams:

You should only trust the information and instructions displayed on the screen of your Trezor device. The external interface will never initialize the recovery process without your physical confirmation. The order of the words to be entered is never dictated by the interface (your browser or third-party software). Check out our blog post to learn more about the trusted display.
 
  • Be wary of urgent or threatening language. Scammers may use urgent or threatening language to pressure you into taking immediate action. For example, they may claim that your account will be suspended or that you'll lose access to your funds if you don't act quickly.
 
  • Watch out for suspicious email addresses. Scammers may use email addresses that are similar to the legitimate company's email address but with slight variations, such as a different domain name or a misspelling. For example, instead of @trezor.io, the scammer may use @trezorr.io.
 
  • Be cautious of unsolicited messages. If you receive a message from someone you don't know or weren't expecting, be cautious. Scammers may use fake social media profiles, emails, or messages to contact you and try to steal your information.
 
  • Don't click on links or download attachments from unknown sources. Scammers may send links or attachments that can infect your device with malware. Always verify the sender and the contents of the message before clicking on any links or downloading any attachments.
 
  • Look for spelling and grammar mistakes. Legitimate companies usually take great care to ensure their communications are free of spelling and grammar errors. If you notice mistakes in the message, it could be a sign that it's a phishing attempt.


By keeping these additional tips in mind and following the original ones, you can protect yourself from phishing scams and keep your digital assets safe.

 

Things to Remember:

 

Bookmark legitimate and trusted sites

One way to ensure that you are accessing a legitimate Trezor web wallet is to bookmark it in your browser. This will allow you to quickly access the site without having to type in the URL each time. Make sure to only bookmark web wallets that are known to be legitimate and trusted, such as https://suite.trezor.io/web. By doing so, you can reduce the risk of falling victim to a phishing scam and keep your digital assets safe.
 

Download Trezor Suite safely

To ensure that you download the genuine Trezor Suite application and avoid falling victim to phishing scams, it is crucial to only download it from the official Trezor website at https://trezor.io/trezor-suite.
 

You can confirm the legitimacy of the application by following the steps outlined in the Download and verify Trezor Suite article.


A passphrase offers additional protection against phishing attacks

By creating a unique, strong passphrase, you make it harder for attackers to gain unauthorized access to your account even if they obtain your rwallet backup. Keep your passphrase confidential and separate from your wallet backup to enhance your security against phishing attempts. Never share it with anyone! For Trezor Model T, Safe 3 and Safe 5 users, we always recommend entering your passphrase on the Trezor itself using the touchscreen or buttons.

Learn more about Passphrase — the Ultimate Protection for Your Accounts on the Trezor Blog

 

Trezor will never contact you via text messages or a phone call

If you receive a message claiming to be from Trezor via text message, WhatsApp, Telegram, phone call, or postal letter, treat it as a phishing attempt. Report the message as spam and block the sender immediately. Trezor will never contact you through these methods. Exercise caution with unsolicited communications and verify their sources. Report any suspicious activity to Trezor's official channels. Stay vigilant and safeguard your digital assets.
 

Never share or create digital copies of your wallet backup

Your wallet backup is the key to your digital assets and should be kept confidential at all times. Sharing it or making digital copies can put your assets at risk, as they may become accessible to hackers or unauthorized individuals. To ensure the security of your investments, store your wallet backup in a safe and secure location, away from prying eyes. Protect your digital wealth by keeping your wallet backup private. 

Learn more about How to store your bitcoin wallet backups on the Trezor Blog

 

Only interact with Trezor's official channels for your safety and security

Authentic SatoshiLabs domain names:
@trezor.io

@invity.io

@vexl.it

@tropicsquare.com

@satoshilabs.com

Our official social media channels are:
twitter.com/trezor
instagram.com/trezor.io

Our affiliate program also has unique links that help to identify them as partners, which include:

https://trezor.go2cloud.org/
https://affil.trezor.io/
 

Trezor cannot and will not deactivate your device

Some phishing attempts try to trick you into believing that your Trezor device will be 'deactivated' or 'blocked' due to KYC (Know Your Customer) reasons. However, Trezor is not able to 'block' or 'deactivate' your device. Any request asking you to do so is fraudulent.
 

How to report Phishing Scams

If you suspect that you have received a phishing message or found a suspicious link that might affect Trezor users, you can use our chatbot Hal to report it.


To report a phishing message, simply type “I want to report phishing” to Hal and follow the instructions. Hal will guide you through the process of reporting the message and provide you with any additional information you may need. By reporting phishing attempts, you can help protect other Trezor users and prevent cyber attackers from stealing digital assets.

Additionally, it's recommended to keep an eye on our official Trezor Forum for any news or updates concerning security.

By taking these precautions outlined in this article and staying informed, you can enjoy the security and peace of mind that comes with using your Trezor.