Back

Ledger Yet Again Attacked By Phishing Scammers. Here's How You Can Secure Your Funds

Ledger team releases a statement while another phishing attack is disclosed

article image
Cover image via stock.adobe.com

Ledger, a high-end hardware cryptocurrency wallet, has been attacked by another series of phishing scams. The team behind the devices' production has released a manual on how to avoid falling victim to the malefactors.

Ledger scammers may know your first and last name

Ethereum (ETH) developer and former Metamask officer, Bruno Barbieri, has shared screenshots of SMS messages that he received from scammers. They impersonate the Ledger team and urge all users to update the software used by hardware wallets.

Ledger users targeted by scammers
Image via Twitter

The message is sent to one's ordinary personal mobile phone number. Moreover, it uses a mysterious "Ledger Media" domain instead of Ledger's familiar website.

Ads
Ads

When clicking on the link in the message, the user is redirected to a well-designed copy of the Ledger site. However, its domain name uses a homoglyph with a strange character under the letter "e."

A few hours after the first attempt by scammers to redirect Barbieri to the fraudulent website, he received one more message from "Ledger Report." In both cases, the malefactors used his real first and last name.

Three tips to stay safe

The fact that scammers use a database with the names and phone numbers of Ledger users makes some crypto enthusiasts suspect that hackers may be benefitting from the data breach that Ledger disclosed earlier this year.

Ledger has released an official statement regarding this dangerous situation. It confirmed that phishing attacks are targeting users of Ledger and reiterated three basic rules of safe conduct when receiving communications from the wallet's team.

First of all, they stated, Ledger interacts with its customers only via email, so any texts or phone calls should be assumed to be phishing attempts. Then, crypto holders should note that Ledger uses a very limited range of email addresses to reach its customers:

The only two legitimate Ledger email addresses are hello@ledger.com and noreply@ledger.com, as well as our customer support ZenDesk email. Treat any other email address with caution.

Finally, the legitimate Ledger domain name has no dots or accents in its URL. As covered by CryptoComes previously, the malefactors increased their activity this October.

The fastest way to get crypto news is to follow our Twitter. You won’t miss a thing! Subscribe.

article writer image
Vladislav Sopov

Blockchain Analyst & Writer with scientific background. 5+ years in IT-analytics, 2+ years in blockchain.

Worked in independent analysis as well as in start-ups (Swap.online, Monoreto, Attic Lab etc.)