Phishing

From Trezor Wiki
Jump to: navigation, search

Phishing is often used to obtain sensitive information, such as usernames, passwords, or credit card details, by pretending to be a trustworthy entity and tricking users into sending their private information. Phishing is often done in practice by sending e-mails to users pretending to originate from a legitimate source and luring them into entering their private information online. It is important to note that no service should ever ask for your private information, especially if the service approached you. When in doubt, always verify you are in contact with the legitimate party by contacting the source yourself.

Trezor will never contact users to ask for private information. Most importantly, never give any of the following to an external party: your recovery seed words, your passphrase, your PIN, your E-shop password, and never provide remote access to your computer. When in doubt, contact Trezor support directly.

See also: Malware, Trezor support, PIN, Two-factor authentication (basic)

Important To mitigate phishing attacks, e.g. when at wallet.trezor.io, look for the green secure sign in your browser’s address bar. If the certificate is invalid, your browser will warn you, and you should pay attention to the warning. For more information, read this blog post about a phishing attack on the Trezor Wallet website.