Here are some examples of scam websites used to trick users into revealing sensitive information.

1) Phishing websites

This scam website tried to lure users into entering their recovery phrase. A CAPTCHA was included to give the illusion of authenticity. Also, note the URL: it is not that of the official Trezor website.

Scammers put non-English characters in the URL that look like their English counterparts. For example, this scam website looks similar to the official Binance website, but on closer inspection you can see that it is not.

3) Fake advertising

A .la domain name claiming to be the real deal. What could go wrong?

4) DNS poisoning / BGP hijacking

In such scams, hackers are able to redirect users away from the genuine website even if the correct address was entered into the web browser. Trezor users have fallen prey to this scam.

In the image above, the address bar shows the correct address, i.e. wallet.trezor.io. But an inspection of the site revealed several critical errors.

First, the website’s certificate was not trusted, as shown by the words “Not secure” in the address bar.

Also, the site asked users to enter their recovery phrase.

5) Cybersquatting

This involves a scammer fooling users by using a domain which looks like the real website. In the image below, the scammer was asking the user to access the BIP 39 tool.

While the text told the user to go to “http://www.iancoleman.io/bip39”, the actual link led to “http://www.iancolemann.io/bip39/”. Note the double N in the second link.
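The look-alike characters in the fake Binance URL and the doubled N in iancolemann.io can both be caught by comparing a hostname against a list of known-good domains. The Python below is an added example, not part of the original page: the allowlist `OFFICIAL`, the function names, the edit-distance threshold of 2 and the sample hosts other than iancolemann.io are assumptions made for illustration.

```python
import unicodedata

# Assumed allowlist for this example: the genuine sites the page mentions.
OFFICIAL = {"trezor.io", "binance.com", "iancoleman.io"}

def skeleton(text):
    """Drop accents and dots-below so a decorated letter compares as its base letter."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def decode_labels(host):
    """Lower-case the host and turn xn-- (punycode) labels back into Unicode."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return labels

def check_host(host):
    """Return (verdict, official domain the host matches or imitates)."""
    try:
        labels = decode_labels(host)
    except UnicodeError:
        return ("malformed", None)
    # Naive "last two labels" rule; real code should use the Public Suffix List.
    domain = ".".join(labels[-2:])
    if domain in OFFICIAL:
        return ("official", domain)
    folded = skeleton(domain)
    for good in sorted(OFFICIAL):
        if folded == good:
            return ("homograph", good)
        if edit_distance(folded, good) <= 2:
            return ("lookalike", good)
    return ("non-ascii" if not domain.isascii() else "unknown", None)

if __name__ == "__main__":
    # Constructed sample hosts; only the iancolemann.io spelling comes from the page.
    for h in ["wallet.trezor.io", "www.iancolemann.io", "www.bi\u1e47a\u1e47ce.com"]:
        print(h, check_host(h))
```

Letters from other alphabets that have no Unicode decomposition are not folded by `skeleton`, so they are reported as "lookalike" through the edit-distance check rather than as "homograph".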

Precautions to avoid falling for the above scams: