Internet scams through snail mail?

Social Engineering via postal mail.
Scam in the mail

We have all experienced scam emails or messages over social media that attempt to trick us into providing personal information. These attempts focus on gaining access to our accounts that could allow them to steal our personal data or money for their gain.

Over time, these attempts have started to get harder and harder to determine if they are fake or real. The look and feel of the messages have started to reach a point where they look very close to the actual company they are attempting to mimic.

I have taken a very stringent process of verifying all messages that appear to be coming from a company with which I have an established relationship. While this has taken a bit of extra time out of my day, it has helped to ensure my data and accounts remain safe.

I am always on the lookout for new attempts and tactics that the malicious actors may attempt. Recently I have come across some interesting tactics the malicious actors have started to do that I had not expected to see. These attacks leverage sending letters via postal mail that have a similar attempt to inform you that you have come into a large sum of money, and they need to speak with you to set up the money transfer.

Attached below is a sample of one of the recent letters that I have seen delivered via postal mail. Interestingly, they send mail via the post office, which has a high cost when attempting to scale to hundreds of thousands of targets.

The letter, at first glance, looks and feels like a valid letter coming from TD Ameritrade based on the logo and other elements from the letter. But after reading through the details, this example refers to a company called Tiber Wealth Management. When attempting to go to the website associated with this organization, you can see the site is parked on GoDaddy and most likely registered by someone who has left it idle, and their credentials were compromised.

At the end of the day, know what companies you do business with. If you receive communications you were not expecting, verify directly with the company to ensure your privacy and safety.

On a side note we may need to get the owner of this domain the GoDaddy basics book to help secure and protect their site and domain.

Disclosure: We are an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

%d bloggers like this: