Trezor shouldn't allow you send anything unless you physically approve the transaction from your device.

Trezor's blockexplorer doesn't show you this, but BSCScan does.

If you check the scam transaction here: https://bscscan.com/tx/0xfb043ff2e96de3108a0d57cda22c8afe01530b95259b97e3398336a874a1d886

You can see its name "FakePhishing...." If you click it, you'll see that it's marked as a contract that has been previously used for phishing attacks.

If you check your address using BSCScan as well. You can see that the transaction is a Zero-value transaction. See here on what does that mean:

https://www.immunebytes.com/blog/zero-value-token-transfer-phishing-attack/