A new phishing scheme targets Ledger users by mimicking their support team. These bogus emails say that Ledger has suffered a data breach and urge recipients to confirm their recovery phrases to “safeguard” their funds.
Despite appearing to originate from Ledger’s official support email address, an email marketing platform delivers the fraudulent emails. The phony Ledger-branded website appears real to the victims. On this website, users are required to enter their seed phrases in order to authenticate their wallets. However, submitting this information grants criminals full access to the wallet, allowing them to steal funds.
Ledger has restated its security principles, assuring users that they would never request recovery phrases via email, direct message, or phone. They advise consumers to exercise caution and report any strange correspondence.
This incident is comparable to previous frauds, including a recent one in which a user lost $2.5 million in Bitcoin and non-fungible tokens (NFTs) as a result of a phishing attempt. The current scam’s impact remains unclear, but as online transactions increase during the holiday season, we anticipate an increase in phishing attempts.
To be safe, constantly check the source of emails and never exchange recovery phrases online. Keep your wallet information confidential, and report any suspicious behavior to the appropriate authorities.
