During the course of the past week, as the price of Bitcoin continues to rise, Ledger users have reported receiving an “oddly convincing” phishing email.
It is believed that the attackers are using the email addresses obtained during the Ledger breach discovered in July 2020, in which approximately 1 million email addresses were exposed. Further investigation revealed that personal information, including the first and last names, postal addresses, and phone numbers of 9500 customers, was also exposed.
The attackers are allegedly sending emails to Ledger users, informing them that their wallets have been compromised in a security breach affecting thousands of users. The email claims that the attack occurred on 11 November 2020 and that users’ funds may be at imminent risk of theft. The phishing email further urges users to download the supposed “latest version of Ledger Live” in order to set up a new PIN for their wallet.
Global Crypto reviewed one of these phishing emails, sent from “email@example.com”. Note the misspelling of the word “ledger”: an important clue in any phishing email is the slight misspelling of a real address or URL.
Phishing attempts are becoming more common with the recent rise in the crypto market, and they are becoming more sophisticated, closely resembling official company correspondence. These attempts often trick users into clicking on a link that could compromise their security.
“We recommend you exercise caution — always be mindful of phishing attempts by malicious scammers. To put it simply, Ledger will never ask you for the 24 words of your recovery phrase. If you receive an email that looks like it came from Ledger asking for your 24 words, you should definitely consider it a phishing attempt,” stated Ledger in a recent blog post.
Ledger urges users to report alleged scams to the community using #StopTheScammers.