Trezor ជនរងគ្រោះដោយការវាយប្រហារ Phishing; ព្រមានអ្នកប្រើប្រាស់កុំឱ្យបើកអ៊ីមែល

កាបូបផ្នែករឹង maker Trezor has confirmed to users that it was the subject of a recent ការវាយប្រហារដោយឆបោក that occurred on Saturday.

This came after bad actors masquerading as the firm, sent out an email stating that [Trezor] experienced a សន្ដិសុខ breach that exposed some customers’ data. The email then asked users to download the latest version of Trezor Suite and change their pin.

To many users, the email looked very real, as it was shared across Twitter. However, the firm was able to clarify the matter, revealing that the email never came from Trezor, but from unauthorized actors unaffiliated with the company.

In its tweet, Trezor said that it’s investigating “a potential data breach of an opt-in newsletter hosted on MailChimp.” It said it has confirmed from MailChimp that the breach targeted ក្រុមហ៊ុនគ្រីប and asked users to avoid opening any email from “[អ៊ីមែលការពារ]"។

\Given how authentic the email in the phishing attack seems, it’s likely that some people have fallen for the scam. One of the users who received the email described it as the “best phishing attempt” he had seen in years.

អស្ចារ្យ @ ធីរ័រនេះគឺជាការប៉ុនប៉ងបន្លំដ៏ល្អបំផុតដែលខ្ញុំបានឃើញក្នុងរយៈពេលប៉ុន្មានឆ្នាំចុងក្រោយនេះ។ ខ្ញុំពិតជាសំណាងណាស់ដែលខ្ញុំមិនមាន Trezor ពីព្រោះប្រសិនបើខ្ញុំមាន ខ្ញុំពិតជាអាចទាញយកការអាប់ដេតនោះ។ pic.twitter.com/DaBN2Oix11
— Tomáš Kafka (@keff85) ខែមេសា 2, 2022

The phishing email provided a download តំណភ្ជាប់នេះ with the domain name of trezor.us rather than the original trezor.io. As of press time, investigations are still ongoing to determine the extent of the attack, but Trezor has ផ្អាក its newsletter, pending further information.

ផ្នែករឹង កាបូប also confirmed that it has taken down certain domains which the attackers could exploit and said users shouldn’t open any email from Trezor until further notice. It also asked users to only use anonymous email addresses for their crypto-related activities.

You think maybe it’s time to:
1. stop doxxing your users to insecure email saas vendors
2. implement PGP email. (Kraken does it)
— EndTheFUD (?Greenpeace) (@xi27pox) ខែមេសា 3, 2022

Several users, however, have criticized Trezor’s decision to use MailChimp for its email services. Some even ប្រៀបធៀប it to Ledger, another hardware wallet that suffered from a data breach that compromised its mailing list. But there are also suggestions for more secure alternatives for mailing.

Data breaches are rising in the sector

Trezor isn’t the only crypto company that suffered a data breach in recent times. About two weeks ago, BlockFi informed investors of a data breach and the possibility of phishing attacks. The breach resulted from hackers gaining access to the data of ប្លុកហ្វាយហ្វាយ clients through Hubspot.

Then, the firm confirmed that personal information such as passwords, government-issued IDs, and social security numbers wasn’t affected because they’re not stored on Hubspot.

Nevertheless, the prevalence of these breaches shows the need for a stronger security framework by crypto companies and extra caution on the part of users.

តើអ្នកយល់យ៉ាងណាចំពោះប្រធានបទនេះ? សរសេរមកយើងហើយប្រាប់យើង!

ការមិនទទួលខុសត្រូវ

រាល់ព័ត៌មានទាំងអស់ដែលមាននៅលើគេហទំព័ររបស់យើងត្រូវបានផ្សព្វផ្សាយដោយស្មោះត្រង់និងសម្រាប់គោលបំណងព័ត៌មានទូទៅតែប៉ុណ្ណោះ។ សកម្មភាពណាមួយដែលអ្នកអានអនុវត្តលើព័ត៌មានដែលរកឃើញនៅលើគេហទំព័ររបស់យើងគឺប្រឈមនឹងហានិភ័យរបស់ពួកគេ។

Source: https://beincrypto.com/trezor-hit-by-phishing-attack-cautions-users/