Bitcoin Forum
Author Topic: New Ledger phishing mail targets individual users  (Read 1714 times)
Pmalek
November 27, 2020, 12:11:02 PM
 #41

@jerry0
The mails might have gotten into your spam folder. Unless you check it regularly, they get deleted after a week or two, depending on the client.
It is just a coincidence that users lost XRP. That coin is surely not targeted for some reason.
Yes, users received a link telling them to download a new version of the software. Once installed, it asked users to enter their 24-word seeds. Those who did, sent their seed to the hackers.

Your seed and private keys are kept on your hardware wallet, even if your computer is compromised. Nobody can access assets on a crypto wallet remotely because they need to confirm transactions by pressing the buttons on the hardware device. This can only be done by the person in possession of the wallet, not via the Internet.

bob123
November 27, 2020, 12:26:37 PM
 #42

It is just a coincidence that users lost XRP. That coin is surely not targeted for some reason.
Yes, users received a link telling them to download a new version of the software. Once installed, it asked users to enter their 24-word seeds. Those who did, sent their seed to the hackers.


The attack:
  • A phishing mail targeting badly informed users to retrieve a hardware wallet mnemonic code.
The targeted Coin:
  • A coin which is a fully centralized shitcoin no sane and informed person would buy.


There might be some correlation  Grin

LTU_btc
November 28, 2020, 07:24:29 PM
 #43

A few days ago I also got almost the same email. The only difference from the message in the OP is that the sender address is legdersupport.com and the number of customers is changed from 85 000 to 81 000. I almost immediately realised that something was wrong with this message because it was in my spam folder, while usually messages from Ledger are shown in my main folder.
Anyway, it's a very typical phishing attack, not the primitive one, but not the most sophisticated. The only difference is that they used the database from Ledger to send these emails, while usually such data is collected from other sources, like phishing websites, sold email databases, etc.




Lucius
November 29, 2020, 11:43:46 AM
 #44

A few days ago I also got almost the same email.

I haven't received anything (email or SMS) yet, but even if that happens we all know that the danger exists only for those unfamiliar with the basics. I don't think most users will even see such e-mails because, as in your case, they usually end up in a spam folder - and when it comes to text messages, most smartphones have the option to block calls or messages from unknown numbers - which is not only useful in this case, but generally if you receive a lot of SMS spam.



Recently there was news that as many as 23 600 databases were publicly available for several hours to download, so although it is not directly related to Ledger hack - check your accounts and change passwords if necessary.

Pmalek
November 29, 2020, 07:45:06 PM
 #45

New phishing attempts are being sent out. This time the scammers are claiming that someone tried to log in to your Ledger account from an unknown Ledger Nano hardware wallet. The sign in attempt came from Russia they say. Users are being recommended to cancel device authorization from the account settings. And there is a cancel button that seems to redirect to a google.doc document.

This is how it looks:
 

bob123
November 30, 2020, 11:00:57 AM
 #46

~snip~

Wow.. people have to be extremely uninformed to fall for something like that.. @ledger.com-e8-encryption-s24.email-n2-alert.app.. really?  Grin

People who still think there are "ledger accounts" with a hardware wallet.. are lost.
They will get compromised. Maybe not with this phishing mail, maybe not with the next.. but with some other in the future..

btcwish1
November 30, 2020, 01:28:08 PM
 #47

New phishing attempts are being sent out. This time the scammers are claiming that someone tried to log in to your Ledger account from an unknown Ledger Nano hardware wallet. The sign in attempt came from Russia they say. Users are being recommended to cancel device authorization from the account settings. And there is a cancel button that seems to redirect to a google.doc document.

This is how it looks:
 

Yes I got this email as well.

I am worried that some newbies to hardware wallets may fall for this type of email. I have seen a lot of phishing emails before from different companies but these ledger phishing emails really do look like the original!
Pmalek
November 30, 2020, 01:36:42 PM
 #48

Is there even something that resembles device authorization in the account settings on Ledger Live? I don't have access to the PC I have Ledger Live installed on at the moment so I can't check. I know Ledger is compatible with the Fido U2F app. Maybe they are asking users to disable login access to other devices. I haven't used the U2F app so not sure how it works.

dkbit98
November 30, 2020, 01:49:42 PM
Last edit: November 30, 2020, 02:10:43 PM by dkbit98
 #49



I am reading one 'nice' thank you letter from one of the ledger customers on reddit:

Quote
Thank you Ledger
Since the loss of personal data by Ledger this summer, I have received numerous emails trying to gain access to my ledger.

Couple of days ago, I first got a text claiming a breach of the ledger and an additional link. Which makes it very clear where this data came from... I've seen a post with the same text on this page before.

I would like to take this opportunity to thank the Ledger team for taking good care of the personal data that they receive, especially since they operate in such a sensitive market (finance) and the fact that they informed numerous malicious actors that I have a ledger and probably some crypto, and my email, phone number and possibly home address.

Hey at least I got some sort of apology I guess.

Thank you Ledger.
https://www.reddit.com/r/ledgerwallet/comments/k3vp08/thank_you_ledger/

Quote
Hackers are now sending google maps link of your home address! 👀 to scare more people


New phishing attempts are being sent out. This time the scammers are claiming that someone tried to log in to your Ledger account from an unknown Ledger Nano hardware wallet. The sign in attempt came from Russia they say. Users are being recommended to cancel device authorization from the account settings. And there is a cancel button that seems to redirect to a google.doc document.

I expect to see more attempts like this from hackers to pair growing discounts from ledger.
They need new customer data as soon as possible.

btcwish1
December 04, 2020, 01:49:03 PM
Last edit: December 05, 2020, 06:55:02 PM by btcwish1
 #50

Yet another phishing email today. It is just not stopping:


ETFbitcoin
December 05, 2020, 12:19:55 PM
 #51

Is there even something that resembles device authorization in the account settings on Ledger Live? I don't have access to the PC I have Ledger Live installed on at the moment so I can't check. I know Ledger is compatible with the Fido U2F app. Maybe they are asking users to disable login access to other devices. I haven't used the U2F app so not sure how it works.

No, but it sounds convincing for people who don't know/remember how ledger hardware wallet/ledger live works.

Yet another phishing email today. It is just not stopping:

--snip--

Your screenshot exposes your own email address, remove it if you don't want more spam.

suchmoon
December 06, 2020, 12:01:09 AM
 #52

My hardware wallet has been deactivated and I need to pass KYC, a very helpful text message told me today, addressing me by my full name.

Csmiami
December 06, 2020, 12:03:17 PM
Last edit: December 06, 2020, 07:16:56 PM by Csmiami
 #53

My hardware wallet has been deactivated and I need to pass KYC, a very helpful text message told me today, addressing me by my full name.

Haven't you heard? New Ledger devices will come with a camera for face ID and a fingerprint scanner for fingerprint ID too!




Shouldn't have joked about that; now I have received that same SMS....

Funny thing is it's been sent by KYC, not by LEDGER (like the previous one)

suchmoon
December 06, 2020, 01:37:50 PM
 #54

Haven't you heard? New Ledger devices will come with a camera for face ID and a fingerprint scanner for fingerprint ID too!

I thought the device itself is a disguised anal probe so I got very excited... alas, they just wanted me to tap a very legit-looking link like ledger.com-send-us-all-your-personal-data-and-perhaps-your-seed-too-123456.app
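
The sender and link names quoted in posts #43, #46 and #54 follow two patterns: the genuine domain pasted in front of a different domain, and a misspelling of the brand. The following is an added example, not code from any poster or from Ledger, that sorts a sender address or host name into those cases; it assumes `ledger.com` is the only genuine domain, and the function names and the one-edit typo threshold are choices made for this sketch. It goes slightly beyond the thread by also flagging the correctly spelled brand inside an unrelated domain.

```python
import re

TRUSTED = "ledger.com"  # assumption: the only domain this example treats as genuine


def osa_distance(a, b):
    """Edit distance that also counts a swap of two adjacent characters as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def host_of(sender):
    """Accept 'user@host', '@host', 'Name <user@host>' or a bare host name."""
    return sender.strip().rstrip(">").rsplit("@", 1)[-1].strip(".").lower()


def classify(sender, trusted=TRUSTED, max_typo=1):
    host = host_of(sender)
    brand = trusted.split(".")[0]  # "ledger"
    # Genuine only if the host IS the trusted domain or a true subdomain of it.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # "ledger.com-e8-...alert.app": the trusted name is just leading text;
    # the domain that actually receives the traffic is at the right-hand end.
    if trusted in host:
        return "trusted-domain-embedded"
    tokens = [t for t in re.split(r"[.-]", host) if t]
    if any(brand in t for t in tokens):
        return "brand-in-foreign-domain"
    # Slide a brand-sized window over each token to catch misspellings
    # such as "legder" inside "legdersupport".
    for tok in tokens:
        for k in range(max(1, len(tok) - len(brand) + 1)):
            if osa_distance(tok[k:k + len(brand)], brand) <= max_typo:
                return "brand-typo"
    return "unrelated"


SAMPLES = [
    "orders@ledger.com",            # constructed
    "news@mail.ledger.com",         # constructed
    "@ledger.com-e8-encryption-s24.email-n2-alert.app",   # quoted in post #46
    "ledger.com-send-us-all-your-personal-data-and-perhaps-your-seed-too-123456.app",  # post #54
    "legdersupport.com",            # sender domain reported in post #43
    "newsletter@example.org",       # constructed
]


def triage(senders):
    return {s: classify(s) for s in senders}


if __name__ == "__main__":
    for sender, verdict in triage(SAMPLES).items():
        print(f"{verdict:26} {sender}")
```

A mail filter would apply this to the envelope sender and to every link host in the body, since the display name is free text chosen by whoever sent the message.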

dkbit98
December 06, 2020, 02:28:32 PM
 #55

My hardware wallet has been deactivated and I need to pass KYC, a very helpful text message told me today, addressing me by my full name.

They asked politely.
Your best solution for this 'KYC' is to change your phone number, and maybe change your name and address if there is some special witness protection program Smiley

Check out this recent comment on reddit, that makes me think how (not) secure their system still is, and maybe all this hack stuff was some inside job:

Quote
Hello, first time poster but I think this might be relevant.

I first bought a ledger nano s about two years ago and was probably not among the people that had their data leaked this summer as I never received spam/phishing messages (neither by email or sms).

Last week, during black friday I decided to pick up another ledger as backup. I took some precautions such as using an alternative email and old phone number that I barely use.

The info is completely different from the first time I bought a ledger (even the address and payment method was different).

Today, I checked for the shipping tracking on the email used specifically for the purchase. In the spam folder, I notice there was that scammy ledger message ("download the update here"). Obviously, I immediately deleted the message.

If scammers had access to my email, it means that ledger must still be leaking data as they didn't have this specific info 7 days ago.

Can Ledger please confirm this? It would be nice to know if our private data continues to be handled poorly.

Quote
You are not the first to claim real time data leaks. This is insane! They are too busy moderating this subreddit of legitimate privacy concerns than to handle shit on their end to make sure these leaks aren't occurring. Wtf do they even use for their e-commerce?? They need to be made aware of this asap as they are equally responsible.
https://www.reddit.com/r/ledgerwallet/comments/k7t6wy/is_ledger_still_leaking_data/

I will do my own testing to confirm this with new temp email.

LTU_btc
December 06, 2020, 11:15:21 PM
 #56

New phishing attempts are being sent out. This time the scammers are claiming that someone tried to log in to your Ledger account from an unknown Ledger Nano hardware wallet. The sign in attempt came from Russia they say. Users are being recommended to cancel device authorization from the account settings. And there is a cancel button that seems to redirect to a google.doc document.
This is how it looks:
https://i.imgur.com/LwRt23i.png
I also got a similar message recently with a few differences; now they used a French IP address. Yeah, it redirects to Google Docs, where a link to a website which claims to be Ledger.com is uploaded. But actually, it's a half-broken phishing website with most of the links not working.
BTW, I'm not sure that this email is related to the database from Ledger. It might be just another common phishing email that we get almost daily from all kinds of websites.




Pmalek
December 07, 2020, 10:09:12 AM
 #57

I will do my own testing to confirm this with new temp email.
I was curious about the same thing so I already did this two days ago.

I created a new email address and I signed up to their affiliate program on the main website. I also signed up to their newsletter. I placed a Ledger device in the shopping cart and entered my email address. I didn't finalize the purchase but the email address was added and TOS accepted, etc. Now I am waiting to see if any phishing mails will arrive.

I just checked the email address and there was only 1 new email sent from their Newsletter department telling me about the Ledger Academy, Ledger Blog, etc. No phishing emails so far. If nothing arrives in the next week, I can assume there is no ongoing data leak.

dkbit98
December 07, 2020, 12:21:15 PM
 #58

I created a new email address and I signed up to their affiliate program on the main website. I also signed up to their newsletter. I placed a Ledger device in the shopping cart and entered my email address. I didn't finalize the purchase but the email address was added and TOS accepted, etc. Now I am waiting to see if any phishing mails will arrive.

I did the same thing because I don't fully trust what other people say or write and I like to confirm for myself.

Now I am just waiting to see if hackers will send me something to play with or not.

bob123
December 08, 2020, 09:30:50 AM
 #59

No phishing emails so far. If nothing arrives in the next week, I can assume there is no ongoing data leak.

That's to be expected.

To be honest.. if there would be an ongoing leak a.k.a. the attacker still has control over their systems, ledger would have proven to be the worst company in terms of customer data protection.

I really can't imagine that their servers are still compromised, that would require some exceptionally bad incident response. Guess that's not impossible tho..

Stalker22
December 08, 2020, 08:13:44 PM
 #60

No phishing emails so far. If nothing arrives in the next week, I can assume there is no ongoing data leak.

That's to be expected.

To be honest.. if there would be an ongoing leak a.k.a. the attacker still has control over their systems, ledger would have proven to be the worst company in terms of customer data protection.

I really can't imagine that their servers are still compromised, that would require some exceptionally bad incident response. Guess that's not impossible tho..


I guess there's always the possibility of something being overlooked (the baddies are always so ingenious), for example: man-in-the-middle attack or even some sort of 'inside job'. As in the recent twitter case.
They may not even know they are leaking data. Purely speculation on my part, of course...

