Update Your Trust Wallet Now Or ...! (Phishing Email Explored)

5 Dec 2023

We received an email stating that our Trust Wallet update could not be completed due to technical issues.
And unless we make a manual update, we will lose access to our assets.Thousands and thousands of very similar emails are being sent every single day.

While experienced crypto users will not fall for them, newcomers to the crypto space may fall victim to this scam because they have not yet built sufficient awareness.

In this 2-minute video, we 'fall' for this scam and disclose our 12-word Trust Wallet seed phrase.

Why Do Scammers Use TinyURL

Before proceeding, we want to clarify that TinyURL is a legitimate service marketers and content creators use. But it can also be used by malicious people for malicious activities.

We do not blame Outlook or Gmail for being used by scammers to send phishing emails because the scammer is to be blamed.

TinyURL, the same as Outlook, Gmail, and many other legitimate services do take steps to prevent misuse of their service.But, in any case, we must be aware of how scammers use URL shorteners to their advantage:

Click Tracking: URL shortening services often provide analytics tools that allow users to track the number of clicks, the geographic location of users, and sometimes even the devices used to access the link.
This data is very valuable for scammers because it can be used to assess the success of their phishing campaigns, gather information about the effectiveness of different lures, and refine their tactics.

Avoiding Blacklists: By using URL shorteners, scammers can potentially bypass email filters and security systems that might flag or block known malicious URLs.
Many security systems maintain lists of known malicious websites, and using a URL shortener can help scammers evade these blacklists temporarily. Rather than exposing their phishing website URL to be banned due to their emails being flagged as spam or phishing, they expose the shortened URL, knowing that for them, it is much easier and simpler to create a new shortened URL pointing to the phishing website. 

Easier Distribution: Shortened URLs are more convenient for scammers to distribute in phishing emails because they are less likely to trigger suspicion.
Longer or more complex URLs can look suspicious and be flagged by email filters as potential phishing attempts. Or, even the recipients of the emails can become suspicious if they spot a very long URL (see example in the section below)

URL Shorteners You Should Know About

While very popular, TinyURL is not the only URL shortener scammers use. The same principle applies to the URL shorteners we will mention below. These are tools that can be used for good or bad.

Bitly (bit.ly): Bitly is one of the most popular URL-shortening services. It provides link tracking and analytics, allowing scammers to monitor the success of their campaigns.
Bitly also offers custom short URLs, making it easier for scammers to create links that appear more legitimate.

Ow.ly: Ow.ly is a URL shortening service provided by Hootsuite, a social media management platform.
Ow.ly is designed to be used with Hootsuite's social media tools, but scammers may use it independently to shorten URLs and track clicks.

is.gd: is.gd is a simple URL shortening service that scammers might use due to its ease of use.
While it doesn't provide as many tracking features as other services, is.gd can still be effective for creating short, clickable links.

Tiny.cc: Similar to TinyURL, Tiny.cc is another URL shortening service that allows scammers to create short links and track click-through statistics.
Tiny.cc is user-friendly and provides customization options for creating custom short URLs.

Rebrandly: Rebrandly is a URL-shortening service that allows users to create branded short links with custom domains.
Scammers may use Rebarandly to create links that appear more trustworthy by mimicking legitimate websites.

Dynamic Redirection as an Alternative to URL Shorteners

We will briefly reference Dynamic Redirections to prevent the false understanding that only URL Shorteners are used in Physing emails.

In addition to URL Shorteners and Dynamic Redirection, there are many other techniques that hackers and scammers use in emails to take advantage of.

Dynamic Redirection involves changing or dynamic URLs to redirect users through multiple stages before reaching the final destination, typically a phishing page.

Below is an example of a phishing email that uses Dynamic Redirection.

We can observe the target URL by hoovering (WITHOUT clicking) over the 'Upgrade my wallet' button or the 'View in web Browser' link. You can try with any email containing a button or link. Just do NOT try with suspicious emails.

Hoover over a button or link, and on the bottom left corner, you should be able to spot and read the target URL.

The Dynamic Redirection technique adds complexity to the attack, making it more challenging for security systems to detect and block malicious content.

Here is a short description of how dynamic redirection can be used in phishing campaigns:

Initial Link in the Email: The phishing email contains an initial link, often disguised as a seemingly harmless button or clickable text.

Redirection Stage: Clicking over the button or text takes the victim-to-be to the first stage of redirection. It could be one or multiple stages. This stage, or stages, serve as a stepping stone to obfuscate the final destination.
The URLs involved in the redirection process may change dynamically over time. This means that even if security systems identify and block one set of URLs associated with the phishing campaign, the scammers can modify the redirection paths to avoid detection.

Final Phishing Page: After going through the various redirection stages, the victim-to-be finally lands on the phishing page.
This page is designed to mimic a legitimate login page, and it prompts the user to enter sensitive information such as usernames, passwords, or other personal details.
See the example below of a phishing website asking the victim to provide the Metamask wallet's Secret Recovery Phrase.

Unlikely the Trust wallet example, this time, valid BIP-39 words are required from the victim. Most probably because the scammer wants to make sure that the victim does not make a mistake in this last phase of the scam, making the whole process useless to the scammer.

If this post interests you, you may also be interested in another Phishing Scam we have recently reviewed: A Sensational Win: Mutant Ape NFT! (Phishing Scam Explored)_____________________________________________________________________________________________
Congratulations on completing this 5-minute digital safety power-up.
We hope this 5 minutes read was worth the time and that you have learned some valuable information.
Please consider subscribing to our blog for short but important articles about Crypto and Digital Safety topics.

Crypto Safety First


Enjoy this blog? Subscribe to CryptoSafetyFirst


It's not just crypto, scammers & grifters exist within every industry. Most of us know to ignore spammy emails, these scams are easy to avoid though. Always cross reference & search for typos ✅ if you're unsure, go to company support & verify.
Most relevant comments are displayed, so some may have been filtered out.