{Warning}: Another fake and phishing Ledger

[Baofeng]

Watch out for this fake Ledger site;

Code:

PHISHING SITE: https://check-ledger.com/

REAL LEDGER WEBSITE: https://ledger.com



Do not enter your 24 recovery phase here.



Domain information:

Code:

Registrant	Domain Admin
Registrant Org	Privacy Protect, LLC (PrivacyProtect.org)
Registrant Country	us
Registrar	PDR Ltd. d/b/a PublicDomainRegistry.com
IANA ID: 303
URL: www.publicdomainregistry.com,http://www.publicdomainregistry.com
Whois Server: whois.publicdomainregistry.com

(p)
Registrar Status	clientTransferProhibited
Dates	29 days old
Created on 2020-07-21
Expires on 2021-07-21
Updated on 2020-07-21	  
Name Servers	CAROL.NS.CLOUDFLARE.COM (has 20,381,342 domains)
KHALID.NS.CLOUDFLARE.COM (has 20,381,342 domains)
  
Tech Contact	Domain Admin
Privacy Protect, LLC (PrivacyProtect.org)
10 Corporate Drive,
Burlington, MA, 01803, us

(p)
IP Address	104.27.144.182 - 595 other sites hosted on this server

[1715483777]

1715483777

[1715483777]

1715483777

[jackg]

How did you find this website? Were you searching for it, see an ad or an email? It might be easier to try to target information if there was a specific pathway they used.

[Velkro]

How did you find this website? Were you searching for it, see an ad or an email? It might be easier to try to target information if there was a specific pathway they used.

Agree this is very important info.
This is real danger for hardware wallets users actually. Why? Because they usually are not experienced in tech since they using hardware wallets.
They want security be done by someone/something else. This is crucial for hardware wallets users to learn what is phishing.

[Coyster]

They want security be done by someone/something else. This is crucial for hardware wallets users to learn what is phishing.

On the bolded part above, their hardware wallet is doing that for them already, but the HW's defenses are broken when the users enter their seed phrase on any site or post it for public viewing and btw the wallet comes with a warning not to do so. HW wallet users should understand that no matter how secure their wallet is, their funds aren't technically stored in it (the wallet) but in the blockchain network, and with their seed, all the scammer needs to do is to import their keys (which is stored/protected by the HW device) in another interoperable wallet and spend the funds.

This is real danger for hardware wallets users actually. Why? Because they usually are not experienced in tech since they using hardware wallets.

Are software wallet users "experienced in tech" ? I don't know how you came about with the quoted assertion above, but AFAIK, the wallet standard used doesn't determine how tech savvy the user of the wallet is. See this thread https://bitcointalk.org/index.php?topic=5269446.0 and I agree with quite a lot that was said in it, I'll quote o_e_l_e_o's reply here:

There is no wallet in existence which is immune to user error or human stupidity. If you type your seed phrase in to a website or store it online, then your funds will be stolen, and there is nothing any wallet can do to stop that from happening. Hardware wallets are good for a number of reasons, but they are not infallible, not immune to bugs or vulnerabilities, and can't stop a user doing something stupid like sharing their seed phrase with a random website or confirming transactions without double checking them.

[DdmrDdmr]

<…>

This would actually be very important to know, since knowing the access path is generally what matters most, allowing for a broader collective and individual conscious of how people end up landing on these scam dummy sites. I’ve looked around for a while now, but found no information on the access path to the site.

[jademaxsuy]

<…>

This would actually be very important to know, since knowing the access path is generally what matters most, allowing for a broader collective and individual conscious of how people end up landing on these scam dummy sites. I’ve looked around for a while now, but found no information on the access path to the site.

I had not been surprise anymore with these fake sites and phishing activities. This is just like doing ICO projects where thousands are scam though few are working great and now being successful. In regard to this fake sites or Phishing ledger posting it here in the forum will make this as an awareness to everybody. I myself do not really rely on sites instead I am more using a centralized app for cryptocurrency exchange where it is being regulated or given a license from the government to operate. It may take high transaction fee but at least I feel more secure than falling from the traps like OP being mention. Anyway, if there are new here in cryptocurrency and are afraid to get phished out then I suggest you to do the same thing on what I did. Try to make a research on exchanges that are being allowed by your government to operate. I do hope that no one will fall for this kind of trap in scamming other people or investors.

[jseverson]

This is real danger for hardware wallets users actually. Why? Because they usually are not experienced in tech since they using hardware wallets.

Are software wallet users "experienced in tech" ? I don't know how you came about with the quoted assertion above, but AFAIK, the wallet standard used doesn't determine how tech savvy the user of the wallet is.

It seems like they're assuming that people who know how to protect their coins don't need/want to use hardware wallets. It's quite a huge leap, yeah.

This would actually be very important to know, since knowing the access path is generally what matters most, allowing for a broader collective and individual conscious of how people end up landing on these scam dummy sites. I’ve looked around for a while now, but found no information on the access path to the site.

It doesn't seem to show up on Google or Bing even if you search for it specifically (check-ledger bitcoin), so maybe a phishing email?

[mk4]

How did you find this website? Were you searching for it, see an ad or an email? It might be easier to try to target information if there was a specific pathway they used.

Plot twist: OP mas been making his own Ledger phishing sites just to be able to report them here on Bitcointalk.

Jokes aside, it's very likely to be a Ledger Google ad. I think it's pretty safe to assume that scammers are mostly placing their baits on Google as it's a habit of a lot of people to Google the website they're planning on opening, rather than typing the full URL.

[jackg]

How did you find this website? Were you searching for it, see an ad or an email? It might be easier to try to target information if there was a specific pathway they used.

Plot twist: OP mas been making his own Ledger phishing sites just to be able to report them here on Bitcointalk.

Jokes aside, it's very likely to be a Ledger Google ad. I think it's pretty safe to assume that scammers are mostly placing their baits on Google as it's a habit of a lot of people to Google the website they're planning on opening, rather than typing the full URL.

Yeah I guess the ledger website links and check-ledger links might be trying to add some association. And on that note, urls are pulled up search engine search results based on the number of mentions...

[Lucius]

Jokes aside, it's very likely to be a Ledger Google ad.

I can't find a single phishing page of Ledger no matter what keywords I use, even if I turn off AdBlock. The advertising campaign may be targeted at specific regions, or hackers use social networks which is completely free and can be very effective.

Report the page to -> https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

[mk4]

I can't find a single phishing page of Ledger no matter what keywords I use, even if I turn off AdBlock. The advertising campaign may be targeted at specific regions,

They're either region-specific, or they're not advertised on Google as frequently as we think; as I also frequently checked Google, but I've only caught a phishing ad twice out of like 30 attempts.

or hackers use social networks which is completely free and can be very effective.

Also really possible; but I'm pretty sure they're also using advertising. Slowly growing a fake social media profile(for free, without the usage of ads) is simply not feasible as they can get removed without even them being able to lure a single victim.

My guess: They use stolen credit cards to advertise both on Google and social media; to squeeze as much usage they can on a certain stolen credit card before the Google/social media/credit card account(whichever comes first) gets frozen.

[Baofeng]

I monitor it here:

https://github.com/409H/EtherAddressLookup

And this has been flagged like 6 days ago:

https://github.com/409H/EtherAddressLookup/commit/86113d5e00cfec4188a9caa623cd1b7481f791a7

But as you can see that phishing website is like almost a month now. So 'we' somewhat late in identifying it but I try to give the community a warning as much as I can.

Some of the websites being caught are being taken offline very quick or at least we can see a "Deceptive Site Warning" when we visited it. So I filter out those websites that are still up and somewhat need some help from the community to report it to either Google or the Domain Registrar itself. 

[taufik123]

Phishing websites like this are scattered and trick users into entering their private keys. this is a trap that scammers are creating together to trick users. The template and layout of the website appearance are very the same, only the url is different.
Phishing websites like this are usually distributed via email with the theme of giveaway and other prize distribution.

To avoid websites like this, I always write down the original website URL and save it.

[khaled0111]

Thanks OP for the warning but honesty the odds that someone will fall for this are very slim.
Anyone who visits a website about hardware wallets is supposed to have a minimum of knowledge about how wallets works and will find it suspecious that the website is asking to enter the recovery seed to secure his wallet!

I don't know what the scammer was thinking about when he created this website but it looks like he is not that experienced and didn't plan well for this attack.

[libert19]

The only phishing sites I fear is where scammers have done a very good job at making it look legit and holy shit this is one of them.

[Lucius]

libert19, you have nothing to fear no matter how someone designed/copied the website. The whole wisdom lies in not putting your seed or private key anywhere except in your hardware wallet in case you have to do it for some reason. Visiting such a website in itself in most cases does not pose any danger.

Thanks OP for the warning but honesty the odds that someone will fall for this are very slim.

Most will probably avoid such a trap, but the one behind it all still thinks that someone will be caught - and sometimes one big fish is enough to make the whole operation worthwhile. The fact is that a certain percentage of those who have a hardware wallet are not entirely sure about some things - and this is exactly the weakness that hackers are counting on.

[UserU]

How did you find this website? Were you searching for it, see an ad or an email? It might be easier to try to target information if there was a specific pathway they used.

If you follow malware researchers on socmeds like Twitter, they'd post lots of samples.

One good example is from this fella

https://twitter.com/CryptoPhishing