Magic Internet Money podcast presenter Brad Mills shared an incident in which a man lost $ 50,000 after falling into a Ledger phishing scam. The amount would be the victim's life savings.
In August the company Ledger had leaked customer data and most users of the famous hardware wallets had their e-mails exposed. According to several screenshots in cryptocurrency communities, scammers who had access to the email list began sending phishing to victims in an attempt to steal bitcoins.
Although the subject has been widely publicized, the possibility of someone opening one of these emails is becoming almost inevitable. One victim ended up falling for the scam and lost $ 50,000 after downloading fake software.
The message even mentions data leakage and that the user's currencies are at risk.
"If you received this email it is because you were affected by the security breach, please download the most updated version from the link below".
If the user clicks on the link and installs the software he ends up configuring a new wallet PIN and sends the cryptocurrencies to the scammers.
Ledger had the data leaked in October this year and since then several people have reported similar cases on Reddit and Twitter.
The company says users should not download updates from a website other than the official website. Ledger also said that the initial recovery phrase should never be misused on any website, as Ledger never asks users for such information.
The company has pledged to take proactive measures to prevent the scams from continuing.
“Ledger users are continually being targeted by phishing attacks on social media, search engines, and by email. Scammers are able to perfectly mimic Ledger's website, content, or apps to entice users to enter their 24-word recovery phrase. Please be very cautious. If you're asked to provide your recovery phrase OR submit assets, it's a scam. ” The company says on its website.
The company also cites the following security measures:
- Reminder: Anyone with access to your 24-word recovery phrase can take your assets.
- Never enter your 24-word recovery phrase anywhere other than your Ledger device.
- ledger will never ask for your 24-word recovery phrase.
- Only use official Ledger contact details.
