
Fake Ledger data breach emails used to trick victims into giving up recovery phrases

New phishing email scam impersonating Ledger spotted

The emails claim the user’s Ledger wallet seed phrase was compromised, and ask for confirmation

Users that provide the seed phrase lose all their money

Criminals are trying to steal cryptocurrency by impersonating hardware wallet firm Ledger and sending phishing emails.

Victims have reported receiving emails pretending to be from Ledger, and claiming that their seed phrase (also known as recovery phrase, or mnemonic seed) is compromised. To protect their digital belongings, the victims are invited to “verify the security” of the recovery phrase through the “secure verification tool”.

The email comes with a “Verify my recovery phrase” button which leads people through an AWS website, to a domain “ledger-recovery[.]info”. There, users can enter their recovery phrase, which is then saved on a server and relayed to the attackers.

Providing the right data

A recovery phrase is used to load the contents of a cryptocurrency wallet into a new device, or new software wallet. It usually comes as a series of either 12 or 24 random words. Whoever has access to this phrase also has access to the funds, so it is absolutely pivotal that it remains offline, hidden, and not shared with anyone.

To make sure they’re getting the real deal, the scammers added several safeguards to the phishing page. The site accepts only the 2048 valid words that can be entered as part of the mnemonic seed phrase. Furthermore, whatever the user enters, they will get the response that the seed phrase is wrong, most likely to make victims re-enter their phrase and thus confirm they have provided the right information.

Phishing emails often used to have poor grammar and spelling and could typically be identified by clumsy, amateurish wording. However, with the introduction of generative AI, that is no longer the case. In this case, though, the clue was in the email address, since it came from the SendGrid email marketing platform. Furthermore, the link redirects through an Amazon AWS website, which should also be a red flag.
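The two clues described above (a Ledger-branded message from a non-Ledger sender routed through SendGrid, and a link pointing at an AWS host) can be checked mechanically. The following triage sketch is an added example, not code from the article or from Ledger; the official domain list, the header markers, the reason labels and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "ledger"
OFFICIAL_DOMAINS = {"ledger.com"}  # assumption: the vendor's legitimate mail/web domain
RELAY_HINTS = ("sendgrid.net",)    # assumption: bulk-mail platform marker in routing headers
CLOUD_HINTS = ("amazonaws.com",)   # assumption: generic cloud hosting used for link targets

def is_official(host):
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def triage(raw_email):
    """Return sorted reasons a message resembles the brand-impersonation lure."""
    msg = message_from_string(raw_email)
    reasons = set()
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    claims_brand = BRAND in f"{display} {msg.get('Subject', '')}".lower()
    if claims_brand and not is_official(sender_host):
        reasons.add("brand-name-from-unofficial-sender")
    routing = " ".join(msg.get_all("Return-Path", []) + msg.get_all("Received", [])).lower()
    if claims_brand and any(h in routing for h in RELAY_HINTS):
        reasons.add("routed-via-bulk-mail-platform")  # weak alone: legitimate mail uses relays
    body = ""
    for part in msg.walk():  # collect every text part, plain or HTML
        if part.get_content_maintype() == "text":
            body += (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlparse(url).hostname or "").lower()
        if any(host == h or host.endswith("." + h) for h in CLOUD_HINTS):
            reasons.add("link-to-generic-cloud-host")
        if BRAND in host and not is_official(host):
            reasons.add("brand-lookalike-link-domain")
    return sorted(reasons)

# Constructed sample message (not a captured email); addresses and URL are placeholders.
SAMPLE = """\
From: Ledger Security <alerts@mailer.example>
Return-Path: <bounces@em.sendgrid.net>
Subject: Your recovery phrase may be compromised
Content-Type: text/html; charset=utf-8

<a href="https://placeholder-bucket.s3.amazonaws.com/verify.html">Verify my recovery phrase</a>
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Each reason is a triage signal rather than a verdict; the relay and cloud-host checks in particular also match legitimate mail and should only raise priority in combination with the sender mismatch.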

It is impossible to know how many people (if any) fell for the trick, but those that did lost their money permanently.


Via BleepingComputer

Original Author: Sead Fadilpašić | Source: TechRadar

Published by
Akshit Behera
