Today new Ledger SMS and email phishing attacks reported by users
Last Updated on 28 November 2020 by CryptoTips.eu
The crypto ecosystem has a known reputation for its high volatility and high risk. Asides the rise and fall of cryptocurrencies which pose a great threat to one’s assets, one can also lose his or her assets from hacks and scams. Wherever you turn to, there’s always one party trying to scam people into losing their money.
Recently, Ledger users have been attacked multiple times by scammers who try to steal their coins, and it doesn’t seem to stop. Today there were multiple phishing attacks through SMS and email again.
Update November 28, 2020: Today they are sending new phishing text messages. Please do not click on these links, these messages are 100% fake.
These scammers are also trying a new tactic, promoting a “Ripple Community Incentive Plan and the Support Program“. Promising they will distribute over 5.12 billion XRP, but the app will steal your tokens. This Reddit user lost 4K XRP due to this scam.
Earlier this year, there was a major leak of email addresses and personal data. The email addresses of 1.1 million customers were leaked and more detailed information of 9500 customers
Our data show that 1M email addresses and 9500 detailed personal information leaked.
— Ledger (@Ledger) July 29, 2020
If you are concerned by the detailed personal information leak, you will receive a dedicated email today by 5pm CET. If your postal address or phone number is concerned, it will be specified. pic.twitter.com/cCjqgfUom3
Ledger stated that they contacted all 9500 customers who were a victim of the detailed information leak. We never received a notification about this, but we were also targeted by the phishing mails and text messages of Ledger. The customer support unfortunately doesn’t respond to cases like this.
The consequences are big
Multiple users on Reddit are reporting new cases of phishing attempts today. The phishers are trying a new strategy where immediate action is required. Extremely dangerous for potential victims.
Ledger txt scam. Clearly a scam as it barely makes sense. Probably linked to the Ledger data breach from a while ago as I received another text with my name on it and clearly they have my phone number. Anyone else received one of these?? from btc
Now, scammers are targeting Ledgers users and have managed to loot over 1.1 million XRP. Other cases are not publicly known.
Users noticed that a phishing email takes them to a cloned version of Ledger’s website. The fake version of the website has a homo glyph in the URL replacing the letter “e”. The site tricks them into downloading malware and uses the opportunity to steal money from the person’s account.
Many Ledgers users are angry about how a platform that claimed to use the best security measures could allow this to happen to its users. One user noticed the emails in his spam folder and decided to analyze the email.
He noticed that the leak was coming from an affiliate email address used with Ledger. He exclaimed that not only did the leak come from the marketing DB, but also the e-commerce DB and the affiliate DB as well.
Scammers can get rid of the coins quickly
A fraud awareness site, XRP Forensics reported that the coins collected during the scam were sent out to the Bittrex exchange in five different transactions. However, the cryptocurrency exchange could not seize the coins.
The entire amount was sent in 5 payments to @BittrexExchange who were unable to seize it in time.
— XRP Forensics (@xrpforensics) November 3, 2020
Ledger confirmed the breach noting that close to a million emails were compromised. Also, 9500 customer details were leaked. Although the company fixed the vulnerability, this recent incident confirmed that the damage was long done and that more people are affected.
Will this ever stop?