.jpg)
<
p style=”text-align: justify;”>
Ledger users are once again in the crosshairs of phishing attacks as hackers employ increasingly advanced tactics to steal crypto assets. The latest campaigns involve fake emails crafted to deceive users into revealing their secret recovery phrases, potentially compromising their wallets and digital funds. These attacks typically begin with emails impersonating official notifications from Ledger, exploiting trust to lure victims.
How the Scam Works
The phishing emails, sent via SendGrid, claim to address a “security update” needed due to a supposed “data leak.” Victims are urged to verify their recovery phrases using a fake “official security verification tool.” Clicking the provided link redirects users to a fraudulent website hosted on AWS, with the domain ledger-recovery.info. Here, users are asked to enter their recovery phrases, which are then stored on the server and sent directly to the attackers.
This scheme exploits the critical role of the recovery phrase in cryptocurrency security. A Ledger hardware wallet protects funds using a 24-word recovery phrase (or 12 words generated by Ledger). Possession of this phrase grants full access to the wallet, making it essential to keep it private and offline at all times.
Ledger’s History as a Target
Phishing attempts against Ledger are not new. The company has been a
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.