Phishing scammers spoof Ledger’s support email, tricking users into sharing seed phrases under the guise of checking for a compromise.
In an attempt to fool users into disclosing their wallet keys, phishing scammers are impersonating the support email of the crypto hardware wallet provider, according to ledger users.
According to screenshots posted on X and a BleepingComputer report from December 17, the fraudulent email urges recipients to confirm their private seed phrase under the pretense of needing to “safeguard” their money and alleges that Ledger experienced a “recent data breach.”
BleepingComputer claims that although the email looks to have come from Ledger’s official support email, it was sent via an email marketing platform.
The email directs users to a well-designed, authentic-looking Ledger-branded website that asks them to “verify your Ledger,” a phony method of determining whether the device has been compromised.
Entering a seed phrase—a string of words that, if shared, would grant the Phishing scammers complete control over the wallet and enable them to drain its funds—is what the prompt asks for when it opens a popup.
“Scam attempts are an unfortunate part of life online and no one is completely immune,” Ledger said in response to an X user who expressed concern about the emails.
It stated, “Ledger will never call, direct message, or request your 24-word recovery phrase.” “It’s a scam if someone does.”
Whether any Ledger users have been duped by the phishing scheme is unknown. Ledger has been approached by Cointelegraph for comment.
The experience comes after another Ledger user claimed to have never disclosed his seed phrase online and lost $2.5 million worth of Bitcoin and non-fungible tokens on December 13.
Ledger and other blockchain security companies, however, maintain that the assets were only recently erased and phishing scammers tricked customers into falling for a phishing scam in February 2022.
In December 2023, an attacker stole $484,000 from victims by breaking into the coding of Ledger’s connector library, a technology that gives Ledger users access to decentralized banking apps.
According to security professionals, phishing schemes are predicted to expand during the forthcoming holiday season due to an expected surge in online transactions.
Additionally, Meta has alerted its users to several fraudulent schemes that target holiday customers by using phony retail coupons, phony Christmas gift box promotions, and phony holiday décor offers.
This holiday season, cryptocurrency scammers may be trying to make up lost ground after phishing losses in November dropped 53% month over month to $9.3 million.