Many from the crypto community on Reddit revealed that if they make even a small typo, they are redirected to a fake website impersonating Trezor. The wallet claims that an updated is needed to the firmware as an excuse to ask for the speed phrase and then steal all funds from the wallet.
CTO of Casa, Jameson Lopp tweeted that the best way to access the web wallet is by visiting it via the bookmarked version of the online wallet. These fake URL websites claiming to be real have been around for a while, but they are continually growing.
Users of @Trezor's web wallet should NOT visit it by typing "https://t.co/ZTH56WFMys" into your browser – if you mis-type the URL you may be redirected to an imposter site that will try to steal your BTC! Bookmarks are your friend!https://t.co/3WLq4bo0NB
— Jameson Lopp (@lopp) October 4, 2019
It is highly advised to double-check the website on which you have landed before making any transaction or writing passwords. A victim to the attack reported on Reddit that he typed “tezor.io” instead of trezor.io and was instantly redirected to a fake website. The scam website installed a compromised firmware on the device.