BBS: TELESC.NET.BR
Subject: Hackers go VERY old school
From: Mike Powell
Date: Wed, 18 Feb 2026 09:51:01 -0500
-----------------------------------------------------------
Now that's old school - hackers are turning to snail mail to carry out crypto
thefts
By Efosa Udinmwen published 18 hours ago
Old-school paper and envelopes become a new danger for crypto users
- Physical letters are replacing emails to deliver hardware wallet phishing
  campaigns
- QR codes in envelopes direct victims to fake credential harvesting websites
- Trezor and Ledger owners receive urgent notices demanding authentication
  checks
Experts have warned physical letters are being used in cryptocurrency theft
campaigns which rely on QR codes and urgent warnings to trick hardware wallet
owners.
The approach replaces email with printed mail, yet the underlying technique
remains traditional phishing, according to cybersecurity expert Dmitry
Smilyanets, who detailed receiving one such letter.
Instead of malicious attachments, victims receive envelopes that appear to come
from security teams linked to hardware wallet brands.
QR codes lead to credential harvesting sites
The letters claim an Authentication Check or Transaction Check will soon
become mandatory for continued wallet access, and instruct users to scan a QR
code to avoid disruption, with deadlines stretching into early 2026. Once
scanned, the codes direct users to malicious websites that imitate official
setup pages associated with Trezor and Ledger devices.
One domain tied to the Ledger theme has already gone offline, while a
Trezor-themed domain remains accessible but flagged by Cloudflare as phishing
infrastructure.
The fraudulent site instructs visitors to complete an authentication process
before a stated deadline, warning that failure could restrict wallet access or
interfere with transaction signing.
The page accepts 12, 20, or 24-word phrases and forwards that information
through a backend API endpoint controlled by the attackers. With that data,
threat actors can import the wallet and transfer funds without further
interaction.
It remains unclear how recipients were selected, though previous data breaches
involving hardware wallet vendors exposed customer contact details, raising
questions about whether leaked mailing addresses are being reused for physical
phishing campaigns.
Hardware wallet recovery phrases function as the textual form of private keys
controlling access to cryptocurrency funds. Anyone who obtains that phrase
gains complete control over the associated wallet. Manufacturers state that
recovery phrases should only be entered directly on the hardware device during
restoration and never on a website or mobile browser.
Security vendors note that technical safeguards such as firewall software can
prevent many unauthorized network connections.
Strong endpoint protection remains crucial for detecting and blocking
suspicious activity on individual devices. Users should also maintain updated
malware removal tools to ensure that malicious software does not compromise
wallets when interacting with any links or downloads.
The shift to snail mail does not introduce new technical methods, but it shows
that attackers continue adapting delivery mechanisms when digital channels
become saturated.
The novelty lies in the envelope, not the exploitation technique - and that
distinction may be enough to lower skepticism among recipients.
Via BleepingComputer
https://www.techradar.com/pro/now-thats-old-school-hackers-are-turning-to-snail-mail-to-carry-out-crypto-thefts
$$
--- SBBSecho 3.28-Linux
* Origin: Capitol City Online (1:2320/105)
-----------------------------------------------------------
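A check that a recipient or help desk could run on the URL decoded from such a
QR code before opening it, as an added example that is not part of the original
article. The vendor domains trezor.io and ledger.com and all sample URLs are
assumptions, not values taken from the page.

```python
from urllib.parse import urlsplit

# Assumption: official vendor domains, from public knowledge, not from the article.
OFFICIAL_DOMAINS = ("trezor.io", "ledger.com")


def check_qr_url(url):
    """Return (trusted, reason) for a URL decoded from a QR code."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    # https://ledger.com@other.example/ connects to other.example, not ledger.com
    if parts.username or parts.password:
        return False, "userinfo in URL hides the real host"
    if not host:
        return False, "no host"
    try:
        host.encode("ascii")
    except UnicodeError:
        return False, "non-ASCII host (possible homoglyph)"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode host (possible homoglyph)"
    # Match the whole domain or a true subdomain, never a bare substring.
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return True, "host is under " + domain
    return False, "host is not an official vendor domain"


if __name__ == "__main__":
    # Constructed sample URLs for illustration only.
    samples = [
        "https://trezor.io/start",
        "https://shop.ledger.com/",
        "https://trezor.io.auth-check.example/start",
        "https://ledger.com@auth-check.example/",
        "https://notledger.com/",
        "http://ledger.com/",
    ]
    for s in samples:
        print(s, "->", check_qr_url(s))
```

A passing result only says the host is under a vendor domain; per the
manufacturers' guidance in the article, a recovery phrase is still never
entered on any website.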