As part of the attack, users received an email about downloading an app from the 'trezor.us' domain, which is different