Ledger: Warning of current phishing attacks
Lately, Ledger customers are increasingly reporting phishing attempts via email or SMS. In the messages, the attackers try to direct the victims to fake ledger pages to install a supposedly necessary security update. However, this fails and serves only as a pretext to be asked to enter its recovery seed. This would give the scammers access to all cryptocurrencies managed with the Ledger hardware wallet
These messages must be ignored and reported as spam. Ledger will never ask for a recovery seed and assure suses that payment information and cryptocurrencies are secure. Updates should only be downloaded from the official website or performed directly via Ledger Live.
The phishing attempts can be traced back to a data loss of e-commerce and marketing data from July 2020 (1). This data consisted mainly of e-mail addresses, but a subset also contained contact and order details such as first and last name, postal address, e-mail address and telephone number.
Some users report (2) that they also receive the phishing messages, even though they have only recently ordered a hardware wallet Ledger, however, has not reported any new data theft and is more likely to assume that the newer data comes from other databases (3).