Beware of Fraudulent Trezor and Ledger Letters: Avoid Scanning Unknown QR Codes

New Scam: Fake Official Letters with Phishing QR Codes

Recently, reports have surfaced about fraudsters using counterfeit letters that appear to come from well-known hardware wallet providers. These letters contain QR codes that redirect users to phishing websites designed to steal wallet recovery phrases.

These attacks exploit user trust by posing as official notifications or urgent messages. Once victims scan the QR code and enter their recovery phrase on the fake website, attackers can gain full control over their digital assets, leading to significant financial loss.

How to Identify and Prevent Such Scams

• Verify the source: If you receive such a letter, cross-check the information through official channels like the brand’s website.
• Avoid scanning unknown QR codes: It’s safer to manually enter the website address in your browser.
• Never share your recovery phrase: Legitimate companies will never ask for this information.
• Enable Two-Factor Authentication (2FA): Add an extra layer of security to your wallet account.

What to Do If You've Already Entered Your Recovery Phrase

If you accidentally entered your recovery phrase on a phishing site, take the following steps immediately:

• Transfer your funds: Move your assets to a new wallet address as soon as possible.
• Change passwords: Update all passwords associated with your wallet accounts.
• Monitor your account: Keep a close eye on your wallet balance and transaction history for any suspicious activity.

Users of cryptocurrency must remain vigilant and aware of social engineering threats to protect their digital assets effectively.