If one thing is true, it is that fraudsters will never take holidays when it comes to taking people off and in some creative ways. Recently, these persons now send data fishing attacks directly to the mailbox, targeting the owners of the ledger wallet owners with fake letters carefully designed to separate the seed phrases under the shadow of peat updates.
The scheme came to light after the technical analyst Jacob Canfield posted a letter received at home. It mimics the Ledger's official brand and contains a QR code that directs the recipients to the site asking for their 24-word recovery phrase. The language is accurate and forced, threatening that failure to complete the so -called critical security update may restrict access to the wallet and its content.
Ledger publicly replied, repeating its standard warning: the company never asks for a recovery phrase and any application to submit it – regardless of the method – is theft.
“Please do not deal with accounts claiming to be the staff of the ledger, nor who are offering money to collect money,” the company posted after Canfield has disclosed.
This is not a random trend. This is likely to be related to the July 2020 violation, which revealed the names, telephone numbers and home addresses of more than 270,000 general books.
This database has been open for years. Tactics have changed – physical e -letter, not data fishing emails or fake websites. A few years ago, some users even reported fake ledger devices for malware and were delivered in a formal -looking package.
But it doesn't matter what method the fraudsters use. This is the basic prerequisite for crypto confidence and education; Any interaction that involves inserting a seed phrase outside your device is an experiment of theft – be it through a data fishing connection or your front door.
Here are some tips on how to attach your ledger wallet.
How to secure your head book device
Protecting yourself from fraud (and all other cryptor attacks) begins with one rule: Never share your restoration phrase. Not for the update, not for inspection, by no means.
When someone asks, they try to empty your wallet. No legal company needs your seed phrase and no secure system requires its entry online. The only place it belongs to is your hardware wallet at the time of setting or restoring. Here are the three most important tips for securing the ledger wallet:
- Beware of imitators: Ledger has made it clear that they do not contact users through informal channels. If you get a message in Whatsapp, Telegram, by phone, or via the alleged mail of the ledger, it is fake. Official communication is limited to specific domains and controlled social accounts. Anything else should be considered as a test of data.
- Keep your seed phrase without network connection and physically: metal backups outperform paper. Use a two -factor authentication in each of your areas. If your general ledger asks you to approve of what you did not initiate, stop right away. Messages that claim that your device is forbidden or blocked is a red flag – this danger is not even technically possible.
- A layer of its defense mechanism: opponents tools can help the known malicious domains before they reach them. Hold on to secure browsers and do not follow the links without manually checking the destination. When dealing with crypto, the assumption of cheating is safer than assuming legitimacy.
Again, if you get a suspicious message, an attempt to occur, or a data fishing website. Report this. Cut the signal off. There is no backward in silence while others walk into the same trap.
It does not concern paranoia. This consists of rejuvenating the feed before the hook set.
Related: Scramor Warning: OKX warns fake Firefox plug -in drainage users' wallets while
