Snail Mail Attack: Trezor/Ledger customers be aware

[coinrifft]

https://x.com/ddd1ms/status/2022031180502380647

So cyber criminals now are using the old way to phish those Trezor and Ledger accounts that has been compromised by sending snail mail.

And when you scan those it will lead to two phishing sites:

Code:

https://trezor.authentication-check[.]io/
https://ledger.setuptransactioncheck[.]com/

And thankfully it has been flagged already. Nevertheless, this is a new form of attack so we should be aware of it specially Ledger/Trezor customers.

[satscraper]

https://x.com/ddd1ms/status/2022031180502380647

So cyber criminals now are using the old way to phish those Trezor and Ledger accounts that has been compromised by sending snail mail.

And when you scan those it will lead to two phishing sites:

Code:

https://trezor.authentication-check[.]io/
https://ledger.setuptransactioncheck[.]com/

And thankfully it has been flagged already. Nevertheless, this is a new form of attack so we should be aware of it specially Ledger/Trezor customers.

Hm, the headquarter of SatoshiLabs ^{the company behind Trezor} is in Prague, Czech Republic, so the written warning ^{(which is already unusual on its own)} postmarked from Pennsylvania should immediately alert any user. This letter was probably aimed at “stay‑at‑home moms” who might unsuspectingly fall for it and respond right away

Thanks for warning.

[Hazink]

There was an article I read last month which was published by Brinztech. It was about thousands of data linked to Trezor and Ledger users which was brought to the dark web for sale and the information containing users' personal information, email, mobile number and address and if that was true, then this type of mail will continue to land at Trezor and ledger users door step as it's not a random something they know exactly who they are sending the physical mail to, and it's a risky one trezor should somehow pass a warning alert across to all their users either through their forum or online publication.

[Porfirii]

-snip-

Hm, the headquarter of SatoshiLabs ^{the company behind Trezor} is in Prague, Czech Republic, so the written warning ^{(which is already unusual on its own)} postmarked from Pennsylvania should immediately alert any user. This letter was probably aimed at “stay‑at‑home moms” who might unsuspectingly fall for it and respond right away

Thanks for warning.

Well, any user who knows that fact. In my case I bought my hw several years ago and I wouldn't be able to remember where the company was headquartered without looking and looking at the bill, which I suppose in the case of many customers would have ended up in the trash a long time ago.

Anyway, I am suspicious of any unexpected email, message or letter, and even in the case this letter piqued my curiosity, the URL to which the QR leads would have cleared me of all doubt about its falsity. But it doesn't have to be that for all users of this forum, so thank you for the heads-up coinrifft.

[Call_Me_Guru]

Good warning message passed @coinrifft. To begin with, people should not use any product linked to their valuables without every possible knowledge about the product registered in their brain.

I expect people to:

• To double-check their email senders.
• See it as an automatic red flag seeing a physical message sent to them by Trezor originating from the US or other countries other than Czech Republic (Prague to be specific).
• Know that no genuine crypto company would as for their Passphrase. They should keep it safely, not in their phone. They could be forced. This makes shipping wallet to your house even risky. Alternative delivery point is better to avoid tracking.
• Very importantly, QR Codes are not to be toyed with. If you do not guarantee the source 100%, don't scan it.

[nakamura12]

My guess why they use the old ways of scamming is because there are way too many scam schemes found online and if they choose online and maybe they will see it right away that it's not the legit website. For physical mail, some people might be fooled by the website since the email looks real and there's qr code but the content isn't the legit website or real website unless they are still very careful even if it looks legit. That's just my conclusion and I might be wrong but anyways, like I said that scammers will always find a way to make a schemes or ways to scam people.

[Patikno]

Over time, scammers have begun to use all means to lure potential victims into their traps. Well, this type of fraud is actually very dangerous, meaning they use real-world services (the snail mail). Maybe, the scammers really want their potential victims to be deceived in this way, and I suspect this has something to do with leaked user data. Because I think they know about the potential victims data, right?

By the way, does the letter contain complete information about who it is addressed to (name, address, etc.)? If so, then it means it really comes from the leaked data. This is very important for everyone to know, especially for Trezor or Ledger users, because they might be careless or forget, so a warning like this is very useful.

[DYING_S0UL]

What's a Snail Mail again? I think this is the first time I am hearing such term.

I understood the scamming technique part. Also if my memory serves me right, I remember seeing a similar post of such scam a couple of months ago. But this snail mail name, how did it came to be...!

And how are they specifically targeting Trezor and Ledger users? Had there been any data leaks?

[PostQuantumBTC]

What's a Snail Mail again? I think this is the first time I am hearing such term.

It is a mail delivered to people by traditional postal delivery service, so it literally means a mail.

I understood the scamming technique part. Also if my memory serves me right, I remember seeing a similar post of such scam a couple of months ago. But this snail mail name, how did it came to be...!

Yes, it was very common last year, Ledger users were the targets.

And how are they specifically targeting Trezor and Ledger users? Had there been any data leaks?

For the Ledger users, people that bought the hardware wallet had their home addresses or address they filled while buying the hardware wallet leaked to bad people. If the one for Trezor is true, it is very possible it is through leaked customers information also.

[Davidvictorson]

This may sound like a crazy idea but I do wish that Trezor, Ledger and the others can have a section on their website were they alert their customers and visitors to their websites to these types of attacks.

That being said, those scammers are not that smart and anyone who falls for it is also not smart. An observation and reminder from reading this is that your physical home address is not safe neither is your email address. Some of these websites continue to sell our personal information to the highest bidders on third-party websites.

[uchegod-21]

So scammers now send physical mails delivered to your doorsteps, why? To make the offer feel real? Maybe that is their intention because some customers will believe easily since this is not online this time as most crypto scams are assumed to take place online.

In whatever you do as a newbie, note this:

Trezor/Ledger will never send you a snail mail asking you to scan a QR code or activate anything
Trezor/Ledger will never ask for your seedphrase no matter the situation.

Never feel pressured to act. Be security conscious.