Users of Ledger have recently been targeted by a phishing scam in the form of a fake email coming from the Ledger support team. The cryptocurrency hardware wallet manufacturer suffered a data breach a few months ago, which could be related to the incident.
The users who received the phishing email claim it was so convincing that it took them some time to realize it was fake. Only on closer inspection was it possible to spot the usual signs of a phishing scam. The email contained a message alerting the user that the Ledger Live service had been hit by a malware attack.
As with most phishing messages, its content created a sense of urgency: “At this moment, it’s technically impossible to conclusively assess the severity and the scope of the data breach. Due to these circumstances, we must assume that your cryptocurrency assets are at risk of being stolen. If you’re receiving this e-mail, it’s because you’ve been affected by the breach. In order to protect your assets, please download the latest version of Ledger Live and follow the instructions to set up a new PIN for your wallet.”
The email contained a button to download a new version of the software. Users who fell into the trap and clicked the button were redirected to a malware-hosting website. The website’s fake domain (“.io” instead of “.com”, the company’s legitimate one) is another dead giveaway of a phishing scam. The phishing emails came from “[email protected]”, in which the misspelling of the company’s name (another warning sign) could easily go unnoticed.
Roots of the attack
Although the company did not comment on it, experts say the incident may be related to a massive data breach that occurred in June. The breach exposed over 1 million emails and other user information, which helped the attackers target and personalize the emails for the recent phishing attack.
The official Ledger website gave more details on the July data breach, reporting that an unauthorized third party accessed their e-commerce and marketing database (consisting mostly of email addresses, but also other contact details such as first and last name, postal address, and phone number). They assured their customers that neither payment information nor passwords were compromised, but warned about the possibility of phishing attempts. “We recommend you exercise caution — always be mindful of phishing attempts by malicious scammers. To put it simply, Ledger will never ask you for the 24 words of your recovery phrase,” said the company in the official report.
Tips for users
A research team from Edinburgh University has discovered that even heavily encrypted hardware wallets have weak spots that hackers can exploit. Still, they are considered a far safer solution for storing cryptocurrencies than hot wallets. Some important steps hardware wallet users can take to strengthen the security of their crypto:
- Securing the computer connected to the hardware wallet with regularly updated, reliable security software
- Staying alert for phishing scams
- Contacting the customer service of their wallet manufacturer after detecting any suspicious activity
- Following the manufacturer’s official website for any information and updates on possible security issues
The professional-looking fake Ledger email is further proof that phishing attacks are becoming more sophisticated. It is necessary to double-check received emails for any of the signs of a phishing scam: a sense of urgency, spelling errors, suspicious links and attachments, and a mismatched URL, among others. While Ledger is still investigating the phishing attack, users are advised to increase their caution.
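Two of the signs described above, a swapped top-level domain on the download link and a misspelled company name in the sender address, can be checked automatically. The following is an added example, not code from Ledger or from the original article; the vendor domain examplewallet.com, the sample message and all function names are constructed for illustration, and the registrable domain is approximated as the last two labels of the hostname.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = "examplewallet.com"  # hypothetical vendor domain (assumption)

# Constructed sample message, not the real phishing email.
SAMPLE = """\
From: Support <support@examplewalet.com>
Subject: Security notice
Content-Type: text/html

<a href="https://examplewallet.io/download">Download latest version</a>
<a href="https://www.examplewallet.com/help">Help</a>
"""

def edit_distance(a, b):
    """Levenshtein distance using a single-row dynamic programme."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify(host, trusted=TRUSTED):
    """Return 'trusted', 'tld-swap', 'misspelled' or 'unrelated' for a hostname."""
    host = host.lower().rstrip(".")
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # Simplification: treat the last two labels as the registrable domain.
    name, _, tld = ".".join(host.split(".")[-2:]).partition(".")
    t_name, _, t_tld = trusted.partition(".")
    if name == t_name and tld != t_tld:
        return "tld-swap"      # same name, different TLD (".io" vs ".com")
    if 0 < edit_distance(name, t_name) <= 2:
        return "misspelled"    # near-miss spelling of the company name
    return "unrelated"

def audit_email(raw, trusted=TRUSTED):
    """Classify the sender domain and every linked host in a raw email."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    findings = {"from:" + sender: classify(sender.rpartition("@")[2], trusted)}
    for url in re.findall(r'href="([^"]+)"', msg.get_payload()):
        findings[url] = classify(urlparse(url).hostname or "", trusted)
    return findings
```

Any result other than "trusted" is a reason to avoid the link and reach the vendor through a bookmarked or manually typed address instead.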