Crypto Ticker (Custom)
Join now

Cart 0

Sorry, looks like we don't have enough of this product.

Products
Pair with
Is this a gift?
Subtotal Free

Shipping, taxes, and discount codes are calculated at checkout

Your Cart is Empty

"Trezor" Phishing Emails are on the rise

"Trezor" Phishing Emails are on the rise

Don't Take the Bait

If you own a crypto wallet like Trezor, your inbox might one day get a message that looks official but is actually a cleverly disguised trap. That’s exactly what happened with this recent phishing attempt making the rounds.

Here’s one of the emails we received:

On the surface, it looks polished a logo, convincing jargon, even an address in Prague. But beneath the surface, it’s a classic phishing scam designed to get you to click a malicious link and hand over your recovery seed.


Red Flags in This Email

  • Suspicious Sender Address
  • Trezor’s official emails come from domains like @trezor.io – not @runloyal.com.
    Scammers often use random domains that have nothing to do with the brand.
  • Urgency + Threat of Limited Access
  • The email says you must act now, or your account will be limited. Urgency is a common scam tactic to bypass your normal caution.
  • Mandatory "Security Update"
  • Hardware wallets never require urgent updates via email. Real updates are announced on the official Trezor website and performed through the official Trezor Suite software, not by clicking an email link.
  • Unverified Organisation Name
  • “International Digital Asset Consortium (IDAC)” sounds official… but it doesn’t exist. Scammers love creating fake authorities to make their story sound credible.
  • Clickbait Call-to-Action
  • The “Navigate To Suite” button is the bait. One click could lead to a fake site that steals your recovery phrase.


What To Do If You Receive an Email Like This

  • Stop and inspect. Before clicking anything, check the sender’s address, hover over links to see where they lead, and look for inconsistencies.
  • Verify with the source. Visit Trezor’s official website directly – not through the email – or check their verified social media accounts for announcements.
  • Report it. Forward phishing emails to Trezor’s security team at security@trezor.io and to your email provider’s abuse department.
  • Delete it. Once reported, remove it from your inbox so you don’t accidentally click it later.


What Not To Do

  • Don’t click the link. Even if you’re curious, visiting the fake site can expose you to malware or keyloggers.
  • Don’t enter your recovery seed. Trezor, Ledger, and all legitimate wallet providers will never ask for it via email, pop-up, or phone call.
  • Don’t reply to the sender. It confirms your email is active, making you a target for more scams.

 Here’s the Advice Directly from Trezor

Trezor recently issued a warning about the sharp rise in phishing scams targeting hardware wallet owners. These scams don’t just impersonate Trezor they also pose as exchanges, other wallet brands, and even fake “Trezor Support” phone calls.

Common scam tactics Trezor has seen:

    • Fake emails with alarming subject lines like “AI Wallet Update”, “Security Incident”, or “Critical Vulnerability”
    • Scam phone calls pretending to be from Trezor or other crypto brands
    • Counterfeit Trezor devices on unverified retail sites
    • Phishing ads that mimic official Trezor links
    • Fake Trezor apps and imposter websites
    • Social media accounts impersonating Trezor staff

Trezor’s golden rule:

The only time you’ll enter your wallet backup (recovery seed) is directly on your Trezor device when restoring a wallet.

This means:

    • Never type your recovery seed into your computer or phone for “security updates.”
    • Recovery is rare if someone’s prompting you to do it, it’s a red flag.
    • Scam messages often disguise requests for your seed as “backup codes,” “passphrases,” or “security checks” they’re still asking for your wallet keys.

Trezor also stresses:

    • If you get a suspicious call, hang up.
    • If you get a shady DM, ignore it.
    • If you get a scammy email, close the tab.
    • Take your time. Scammers rely on panic and urgency to cloud your judgment.

Official contact points:

Trezor’s authentic site and downloads: trezor.io

Official email sender: noreply@trezor.io

They will never ask for your recovery seed over email, phone, DM, or on any website.

How Trezor is fighting scams:

    • Working with anti-phishing provider Phishfort to take down fake sites (average 48.79 hours per takedown)
    • Reporting scam domains and phishing ads
    • Pushing phishing alerts to Trezor Suite and trezor.io
    • Taking legal action against retailers selling counterfeit devices


The Final Buzz

Crypto phishing emails are getting more sophisticated, but the scammer’s goal hasn’t changed trick you into giving away the keys to your digital vault.

Remember:

If someone asks for your recovery phrase, it’s a scam. Every. Single. Time.

Keep your wallet secure by staying skeptical, verifying every message, and never letting urgency override caution.


Stay safe. Stay smart. Be Crypto Safe.

Education is your best defence. Unlock member-only guides, checklists, and tools designed to protect your crypto, stay safe and be compliant.

Got a question about this article? Send us a message:

Fields marked with an asterisk (*) are required.

This site is protected by hCaptcha and the hCaptcha Privacy Policy and Terms of Service apply.

DISCLAIMER: All information on Be Crypto Safe is general in nature only and does not take into account your personal objectives, financial situation or needs. You should consider whether any information on Be Crypto Safe is appropriate to you before acting on it. These materials are for general information purposes only and are not investment advice or a recommendation or solicitation to buy, sell, stake, or hold any crypto asset or to engage in any specific trading strategy. Be Crypto Safe makes no representation or warranty of any kind, express or implied, as to the accuracy, completeness, timeliness, suitability or validity of any such information and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.
© Copyright Be Crypto Safe Pty Ltd 2016-25. Copyright for this guide belongs to Be Crypto Safe Pty Ltd, and cannot be reproduced without express and specific consent.