Scams and phishing

Phishing and vishing are ways that cyber attackers trick users into revealing sensitive information. Trezor users are often targeted with fake emails, websites, or phone calls that appear to be from Trezor. Attackers may ask users to enter their seed phrase, provide login credentials, or connect their device to a malicious website.

Once attackers have access to private keys, they can transfer funds to their accounts, leaving victims with nothing. To avoid falling victim to these scams, always double-check the authenticity of any communication or website and keep software and firmware up to date.
 

Here are some additional details and examples to help you identify phishing scams:

• Be wary of urgent or threatening language. Scammers may use urgent or threatening language to pressure you into taking immediate action. For example, they may claim that your account will be suspended or that you'll lose access to your funds if you don't act quickly.

• Watch out for suspicious email addresses. Scammers may use email addresses that are similar to the legitimate company's email address but with slight variations, such as a different domain name or a misspelling. For example, instead of @trezor.io, the scammer may use @trezorr.io.

• Be cautious of unsolicited messages. If you receive a message from someone you don't know or weren't expecting, be cautious. Scammers may use fake social media profiles, emails, or messages to contact you and try to steal your information.

• Don't click on links or download attachments from unknown sources. Scammers may send links or attachments that can infect your device with malware. Always verify the sender and the contents of the message before clicking on any links or downloading any attachments.

• Look for spelling and grammar mistakes. Legitimate companies usually take great care to ensure their communications are free of spelling and grammar errors. If you notice mistakes in the message, it could be a sign that it's a phishing attempt.

By keeping these additional tips in mind and following the original ones, you can protect yourself from phishing scams and keep your digital assets safe.

Things to Remember:

Bookmark legitimate and trusted sites

One way to ensure that you are accessing a legitimate Trezor web wallet is to bookmark it in your browser. This will allow you to quickly access the site without having to type in the URL each time. Make sure to only bookmark web wallets that are known to be legitimate and trusted, such as https://suite.trezor.io/web. By doing so, you can reduce the risk of falling victim to a phishing scam and keep your digital assets safe.
 

Download Trezor Suite safely

To ensure that you download the genuine Trezor Suite application and avoid falling victim to phishing scams, it is crucial to only download it from the official Trezor website at https://trezor.io/trezor-suite.
 

A passphrase offers additional protection against phishing attacks

By creating a unique, strong passphrase, you make it harder for attackers to gain unauthorized access to your account even if they obtain your recovery seed. Keep your passphrase confidential and separate from your recovery seed to enhance your security against phishing attempts. Never share it with anyone! For Trezor Model T and Trezor Safe 3 users, we always recommend entering your passphrase on the Trezor itself using the touchscreen or buttons.
 

Trezor will never contact you via text messages or a phone call

If you receive a message claiming to be from Trezor via text message, WhatsApp, Telegram, phone call, or postal letter, treat it as a phishing attempt. Report the message as spam and block the sender immediately. Trezor will never contact you through these methods. Exercise caution with unsolicited communications and verify their sources. Report any suspicious activity to Trezor's official channels. Stay vigilant and safeguard your digital assets.
 

Never share or create digital copies of your recovery seed

Your recovery seed is the key to your digital assets and should be kept confidential at all times. Sharing it or making digital copies can put your assets at risk, as they may become accessible to hackers or unauthorized individuals. To ensure the security of your investments, store your recovery seed in a safe and secure location, away from prying eyes. Protect your digital wealth by keeping your recovery seed private. 
 

Only interact with Trezor's official channels for your safety and security

Authentic SatoshiLabs domain names:
@trezor.io

@invity.io

@vexl.it

@tropicsquare.com

@satoshilabs.com

Our official social media channels are:
twitter.com/trezor
instagram.com/trezor.io

Our affiliate program also has unique links that help to identify them as partners, which include:

https://trezor.go2cloud.org/
https://affil.trezor.io/
 

Trezor cannot and will not deactivate your device

Some phishing attempts try to trick you into believing that your Trezor device will be 'deactivated' or 'blocked' due to KYC (Know Your Customer) reasons. However, Trezor is not able to 'block' or 'deactivate' your device. Any request asking you to do so is fraudulent.
 

How to report Phishing Scams

To report a phishing message, simply type “I want to report phishing” to Hal and follow the instructions. Hal will guide you through the process of reporting the message and provide you with any additional information you may need. By reporting phishing attempts, you can help protect other Trezor users and prevent cyber attackers from stealing digital assets.

Additionally, it's recommended to keep an eye on our official Trezor Forum for any news or updates concerning security.

By taking these precautions outlined in this article and staying informed, you can enjoy the security and peace of mind that comes with using your Trezor.