We’ve all been there: a dubious message lands in the inbox, claiming there is a security issue with our provider or platform and asking for our credentials. It’s an old trick, but sometimes it looks more convincing, and that may be the case with the latest fake Ledger emails, sent mainly to the company’s customers.
Let’s remember that Ledger is a provider of hardware cryptocurrency wallets, i.e. small devices designed to store cryptocurrencies offline and, supposedly, more securely than traditional software wallets. However, this doesn’t mean their users face no risk at all, as has now been proven.
Sadly, Ledger suffered a data breach last July. Around 1M customer email addresses were stolen by an unknown malicious party. No credentials or passwords were involved, but the attackers were left holding the email addresses of Ledger users.
Now we can see the consequences of that event: the attackers have crafted a massive batch of fake Ledger emails and are sending them to the customers. Their main goal is to deceive as many people as possible in order to steal their private keys and passwords and, therefore, the cryptocurrencies they may hold in this wallet.
To do so, an “Important Security Update” informs users about another data breach at Ledger, which would require them to install the latest software version of this wallet. Of course, all of it is a lie.
If the user clicks on the link provided in the fake Ledger emails, they’ll be redirected to an identical copy of the official company webpage, except for tiny differences in the characters of the domain name, made possible by Punycode (for example, ledģėr.com instead of ledger.com). If they choose to download the “new” version to their desktop, the panel will ask for their private keys and passwords.
That’s the crucial moment that decides whether a user gets robbed or not. The attackers need this data to access the funds, so avoid giving it up at all costs.
Don’t fall for fake emails
This kind of tactic is known as “phishing”. We can say it’s partly malware and partly a scam because, despite all the development effort put into it, the result depends entirely on deceiving people. So, that’s the weakness of this attack: if you don’t believe it, you won’t fall for it.
It’s important to always check the URL in these cases, because it’s a great giveaway. It always differs in some way from the original, because two identical domains can’t exist. Internal links and some other details tend to be wrong on phishing sites as well. It’s enough to be careful and pay attention to the critical details.
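The URL check described above can be automated. The following is an added example, not part of the original article: it decodes Punycode (`xn--`) labels, strips diacritics, and compares the result with a list of trusted domains. The `TRUSTED` set and the function names are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

TRUSTED = {"ledger.com"}  # assumption: the domains you really use

def to_unicode(host):
    """Decode Punycode (xn--) labels into the characters a user would see."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep it as received
        labels.append(label)
    return ".".join(labels)

def skeleton(host):
    """Drop accents and other combining marks, so 'ģ' becomes 'g'."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def is_trusted(host):
    """True for a trusted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def classify_url(url):
    """Return 'trusted', 'lookalike', 'idn' or 'unknown' for a link."""
    shown = to_unicode(urlsplit(url).hostname or "")
    if is_trusted(shown):
        return "trusted"
    if is_trusted(skeleton(shown)):
        return "lookalike"  # only accents separate it from a trusted name
    if not shown.isascii():
        return "idn"        # other non-ASCII host: inspect by hand
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, including the article's lookalike domain.
    for link in ("https://www.ledger.com/start",
                 "https://led\u0123\u0117r.com/update",
                 "https://example.org/"):
        print(link, "->", classify_url(link))
```

Stripping diacritics only catches accented lookalikes like the one in this campaign; letters borrowed from other alphabets end up in the "idn" bucket and still need a manual look.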
Today it’s just some fake Ledger emails; tomorrow, who knows. Hackers are becoming more and more creative, and we should be more and more cautious.
Featured Image by Andrew Martin / Pixabay
Originally published at https://blog.alfa.cash on December 12, 2020.