obviously i was referring to legacy addresses. ymmv with segwit.
It's bad advice for any address, legacy, segwit, or otherwise. We have seen plenty of clipboard malware which will replace addresses with ones with matching characters at the start and at the end. It is trivial to create a database of millions of addresses for the clipboard malware to draw on and pick one which is as similar as possible to the address it is replacing to try to avoid detection of people who are careless and only check 3 or 4 characters.
they're going to need way more than "millions of addresses" to be able to match an arbitrary 4 characters in front and 4 at the end. think orders of magnitude larger. and it's really not feasible to generate something like that "on the fly" so there you go...
if someone is only checking the leading 4 characters, well thats obviously a totally different story.
The only safe method is to check the entire address, regarding of the address type. It takes less than 10 seconds to do. I have never understand why people would be so careless and risk losing their coins for the sake of literally a few seconds.
not sure if it's still like that but metamask for ethereum wouldn't show the full address on the confirmation step. you would only get to see like the first 3 and last 3 characters of the address. i would imagine there are bitcoin wallets out there that do a similar thing.