The post Ledger Phishing Scams Surge During Holiday Online Activity Boom appeared on BitcoinEthereumNews.com.

Popular hardware cryptocurrency wallet Ledger is the latest target of a new wave of phishing scams after perpetrators spoofed official-looking emails to trick victims into revealing their recovery phrases. These attacks exploit concerns about security and the upcoming holiday season’s surge in online transactions, highlighting the ongoing risks facing crypto investors. Exploiters Spoof Ledger Emails Technology news and computer help website Bleeping Computer reported that phishing campaigns begin with emails designed to look like official Ledger communications. “A new Ledger phishing campaign is underway that pretends to be a data breach notification. It asks you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency,” an excerpt in the report read. The emails are complete with the subject line: “Security Alert: Data Breach May Expose Your Recovery Phrase.” Sent through the SendGrid email-marketing platform, the messages falsely claim that Ledger has suffered a recent data breach, potentially exposing recovery phrases. With this, the email urged recipients to verify their phrases using a “secure verification tool.” Per the report, the emails direct users to a convincing Ledger-branded website hosted on Amazon Web Services. The website then redirects to a domain — ledger-recovery[.]info — registered on December 15, 2024. The site mimics Ledger’s legitimate platform, complete with a prompt to perform a “security check” by entering the wallet’s recovery phrase. This prompt is highly deceptive. It validates entered words against a list of 2,048 recognized terms used in recovery phrases. Regardless of the input, the site claims the phrase is invalid, encouraging users to re-enter their details and ensuring the scammers collect accurate data. Armed with this information, attackers gain full control over victims’ wallets. This allows them to drain cryptocurrency holdings and steal other digital assets. Ledger’s Response after a History of Exploitation Ledger did not…

---

Filed under: News - @ December 18, 2024 12:29 pm