pull down to refresh

No no, it's a valid question. And shows that you already have a feel how phishing-esque attacks work.
The answer is that your attack description should fail when the wallet checks the malicious receive address. It should easily realize that it isn't derived from your secret keys.
Guessing public addresses helps an attacker nothing. Guessing secret keys would - but this would be far more unlikely than finding an individual piece of sand on earth: not gonna happen.
The hardware wallet doesn't "know" that you are sending to yourself. As far as it knows, you're creating a standard transaction. Unless it checks for exactly this type of attack (are the addresses similar enough to be suspicious?)
reply