Beware: A Very Sophisticated Ledger Phishing Attack Going on
We’ve just come to know about a very sophisticated phishing attack targeting Ledger users. According to Twitter and Reddit users, a new scam email is going around with the address “firstname.lastname@example.org.” The phishing attack is specifically targeting Ledger users using their name. Meaning the malicious actors behind this attack already have users’ names on their record and email address.
We’ve got a copy of this scam email, and here’s how it looks like:
We are sorry to inform you that there has been a security breach affecting approximately 85,000 of our customers and that your e-mail address (’email’) is within those affected by the breach.
Namely, on Friday, October 23rd 2020, our forensics team has found several of the Ledger Live administrative servers to be infected with malware.
In the current state of our knowledge, it is not technically possible to state the exact scope of the data leak. Due to that fact, we must assume that your cryptocurrency assets are at an immediate risk of theft.
If you’ve used Ledger Live at any point from November 2019 to the present date, please download the latest version of the client and follow the instructions to set up a new PIN for your wallet.
The email suggests that Ledger Live servers are breached, and a Ledger Live update is needed. The fake email also includes a malicious link suggesting users to “Download the latest version.” This link is malicious, and it is advisable not to click on this link. Following this link may result in your funds being stolen from your account.
Meanwhile, Ledger has also tweeted from its official account, alerting users about the scam. The tweet says, “According to our information, some scammers are getting in touch with Ledger users through text messages and emails. Never give the 24 words of your recovery seed. The ledger will never ask for them.”