Oddbean new post about | logout
nostr.build | 8 months ago (raw) | export | reply | flag +3 
 I just got this very suspicious email from Trezor.. Must be a phishing scam, interesting parts are;
- It appears to be from Trezor.io, is it a spoofed email?
- Spelling error, 2 yr old date and appears to be from an ‘ad’ template..
- CTA is to install the link or you lose all your funds……

Scary part is people could fall for this because it loos like it’s from them.. That’s weird..

https://image.nostr.build/5a041ba32cefa96c2e792d1f2a09f222f5a70e5006244ec431eeac19bd37ca47.png
OneEzra | 8 months ago (raw) | root | parent | reply | flag 
 Got the same.
Lou | 8 months ago (raw) | root | parent | reply | flag +1 
 Yup, was just checking my doxxed mail and I’ve two of those under spam 🤣
Lou | 8 months ago (raw) | root | parent | reply | flag +1 
 Sometimes they write about a leaked seed phrase
nostr.build | 8 months ago (raw) | root | parent | reply | flag +1 
 How did they spoof the email??..
Lou | 8 months ago (raw) | root | parent | reply | flag +1 
 My email is everywhere so shouldn’t be hard to find on some random list in the clearnet. 

But sometimes if you’re email got leak by a random company once, it is easy for phishers to buy the info in the darkweb 

I’ve my email since the dawn of time so it has been leak a bunch. 

As far as yours goes… good question. Try https://haveibeenpwned.com and see if it got leaked. If it did I’m assure you has been compromised forever
Lou | 8 months ago (raw) | root | parent | reply | flag +1 
 Mine has been leaked 7 times, one of those from Xitter 🤦🏻‍♂️🤣 https://i.nostr.build/6o8v.jpg
nostr.build | 8 months ago (raw) | root | parent | reply | flag 
 Sure, all of us so many times, but how did they make it look like it was from Trezor, how did they spoof noreply@trezor.io?

Just read their blog, seems someone got access to their support portal, but could they send emails form it?!?
Weird..

I ordered a Trezor years ago and never used it or the support portal 🤷‍♂️
10Luno | 8 months ago (raw) | root | parent | reply | flag 
 Have you checked the email in raw form? Most email clients allow you to inspect these email headers. Track back from the email body to the first ip address you get then `whois` that to find where it has come from.
nostr.build | 8 months ago (raw) | root | parent | reply | flag +1 
 Let me look
farfallica | 8 months ago (raw) | root | parent | reply | flag +1 
 Weird 👀👀😰
thom | 8 months ago (raw) | root | parent | reply | flag +1 
 Their ticketing system was breached https://blog.trezor.io/trezor-security-update-stay-vigilant-against-potential-phishing-attack-bb05015a21f8
stc | 8 months ago (raw) | root | parent | reply | flag 
 use JADE open source
matata | 8 months ago (raw) | root | parent | reply | flag +1 
 ruh roh

i dont understand tho why these companies like trezor and ledger do not just integrate a unique number linked to your email you sign up with so that that number will get displayed in emails from them at the top, as a wuick glance verification method
matata | 8 months ago (raw) | root | parent | reply | flag 
 quick
new npub please follow (sovereignwelder) | 8 months ago (raw) | root | parent | reply | flag +1 
 If you're hardware isn't Bitcoin only you will eventually lose no matter what.
I think Darwin's theory of evolution will sort all this out.
nostr.build | 8 months ago (raw) | root | parent | reply | flag 
 I ordered one years ago, never used it. Didn’t like it had to be plugged into the computer, didn’t have a secure chip and of course it supported shitcoins..
Totally agree, Bitcoin only wallets 🤝
NotBiebs | 8 months ago (raw) | root | parent | reply | flag +1 
 That email doesn’t even make sense. Why would not upgrading their software cause you to lose your funds? 😂
nostr.build | 8 months ago (raw) | root | parent | reply | flag 
 Some newbies may not know…