Hackers Send Physical Phishing Letters Impersonating Trezor and Ledger to Trick Users

A cyber security expert has warned that hackers have now started targeting customers of a cryptocurrency wallet security company, ironically sending physical letters to users for access to their crypto wallet recovery phrases. The report recently highlighted that “bad actors have started duping industry leaders and stakeholders with fake Zoom video conferences and hacked Telegram accounts” in recent weeks. Crypto scams have become increasingly sophisticated in the last few years, and bad actors are more crafty with their tricks.

Fake Letters Impersonating Cryptocurrency Wallet Security Firms Carried Signatures of Executives

X’s Dmitry Smilyanets, an expert in cyber threat intelligence and Senior Director of Product Management at Recorded Future, has highlighted that several customers of Trezor, based on the cryptocurrency wallet security company — impersonating the firm — have received fake physical letters from hackers. But he noted that the letter contains an image of a “hologram” and QR code to another fake website. In a bid to depe customers, the hackers also have signed Trezor CEO Matj ák as their signature for the hacker.

X users have posted separately, saying that Trezor is not the only company where cryptocurrency hackers are impersonating. Several similar letters (including the company letterhead) were also reported to be sent to customers of Paris-based Ledger, another cryptocurrency security firm that is believed to have been in business since its launch. The fake Ledger letters were based on this format, with signature of the company’s Chief Technology Officer (CTO), Charles Guillemet.

It showed both letters a similar subject line to tell customers Trezor and Ledger will “soon” the authentication of each transaction is ‘mandatory’, which was added as ‘new security features for this type of transaction that provides more confidence’ in their transactions.

The fake letters then instructed recipients to scan the QR code with their smartphones and follow the instructions on the screen so that no service disruption was disrupted. In Smilyanets, it highlighted that this QR code redirects users to a “Scam website”, designed (via Crypto) and is intended for use with the user. News) to rob customers account recovery phrases, so they are also allowed unauthorised access of their wallets and the money.

Trezor confirmed that the company “never” calls its customers first, while threatening users to “not share” their wallet backup with anyone who responded to the post. It also advised customers to verify official channels before moving forward with the firm’s stance on . In a statement, Trezor said ‘Stay safe out there, everyone.