Nowadays criminals push fake crypto warnings through paper mail, copying real product packaging from firms like Trezor and Ledger. These printed notes arrive at homes without digital traces, making them feel more trustworthy than email scams. Instead of online messages, fraudsters now use stamps and envelopes to mimic official communication. Because it comes in an envelope, people may believe the request is genuine. Through these letters, attackers aim to steal secret backup codes used to restore wallets. Physical delivery gives the illusion of authenticity, even though the goal remains theft. The method shifts away from screens but keeps the same deceitful intent.
Pretending to come from company security units, these fake messages tell recipients they need to finish an urgent “Verification Step” or risk being locked out of their wallets. A countdown appears on screen, pushing people to act fast – slowing down feels risky when time runs short. Opening the link means scanning a barcode first, then moving through steps laid out by the site. Pressure builds because delays supposedly lead to immediate consequences. Following directions seems logical under such conditions, especially if trust in the sender feels justified.
A single message pretending to come from Trezor told users about an upcoming Authentication Check required before February 15, 2026, otherwise access to Trezor Suite could be interrupted. In much the same way, another forged notice aimed at Ledger customers claimed a Transaction Check would turn mandatory, with reduced features expected after October 15, 2025, unless acted upon. Each of these deceptive messages leads people to fake sites designed to look nearly identical to real setup portals.
BleepingComputer’s coverage shows the QR codes redirect to websites mimicking real company systems.
Instead of clear guidance, these fake sites display alerts – claiming accounts may be limited, transactions could fail, or upgrades might stall without immediate action. One warning follows another, each more urgent than the last, pulling users deeper into the trap. Gradually, they reach a point where entering their crypto wallet recovery words seems like the only option left.
Fake websites prompt people to type in their 12-, 20-, or 24-word recovery codes, claiming it’s needed to confirm device control and turn on protection.
Though entered privately, those words get sent straight to servers run by criminals. Because these attackers now hold the key, they rebuild the digital wallet elsewhere without delay. Money vanishes quickly after replication occurs.
Fewer scammers send fake crypto offers by post, even though email tricks happen daily. Still, real-world fraud attempts using paper mail have appeared before.
At times, crooks shipped altered hardware wallets meant to steal recovery words at first use. This latest effort shows hackers still test physical channels, especially if past leaks handed them home addresses.
Even after past leaks at both Trezor and Ledger revealed user emails, there’s no proof those events triggered this specific attack. However the hackers found their targets, one truth holds – your recovery phrase stays private, always.
Though prior lapses raised alarms, they didn’t require sharing keys; just like now, safety lives in secrecy. Because access begins where trust ends, never hand over seed words. Even when pressure builds, silence protects better than any tool.
Imagine a single line of words holding total power over digital money – this is what a recovery phrase does. Ownership shifts completely when someone else learns your seed phrase; control follows instantly. Co
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article:
Like this:
Like Loading...
Related
