[Warning] Fake Ledger wallet update email with phishing link.

[ScamViruS]

I received an email to update Ledger wallet, but basically it is a fake email and the purpose of this email is phishing attack. And the email I received it on is the email I used once on the Ledger wallet website to participate in a promotional event. That means the data that was leaked from the Ledger wallet website is now being used by hackers to target Ledger wallet users. So if someone has received such an email then do not click on the link attached to this email, scammers have added Malicious to this email. They are now actively continuing these activities. So everyone should be careful now they are on big mission even they are trying to take control of crypto users devices.




Virustotal : https://www.virustotal.com/gui/url/4d63b402f1d47ee4b4b6f261fae36e1e3fad593de532313ede4086f8b1eaf3cb/detection

[Zaguru12]

Once again Ledger is in the limelight for a wrong reason again. I think the last connectkit saga or let me say hackers definitely got some information from ledger and they are definitely using it. The thing is ledger themselves are aware of this phishing scam because they issued a warning against email scams. Maybe it’s time to finally ditch them for good.

[ScamViruS]

Once again Ledger is in the limelight for a wrong reason again. I think the last connectkit saga or let me say hackers definitely got some information from ledger and they are definitely using it. The thing is ledger themselves are aware of this phishing scam because they issued a warning against email scams. Maybe it’s time to finally ditch them for good.

The situation is getting worse and users' personal information is being leaked to hackers which is really a concern. Hackers either sell this information or hackers themselves use it to target crypto users. I am getting fake Ledger wallet update emails daily now they have flooded my email, which means hackers are now using this trend to scam. Ledger wallet data leak incidents are already happening, so Ledger wallet authorities should be more careful about keeping users' data safe.

[sunsilk]

Many of these emails will never be gone as it's like a database of the hacker or the phisher that keeps on collecting more emails of people and then will send it again soon.

The reminder has always been displayed on Ledger's website at the top of the page.

Beware of phishing attacks, Ledger will never ask for the 24 words of your recovery phrase. Never share them.

#StopTheScammers
Ongoing phishing campaigns

What I just don't like with this reminder in the latter is that at top of it, they're reminding people about the ledger recover, duh.

[Amphenomenon]

Once again Ledger is in the limelight for a wrong reason again. I think the last connectkit saga or let me say hackers definitely got some information from ledger and they are definitely using it. The thing is ledger themselves are aware of this phishing scam because they issued a warning against email scams. Maybe it’s time to finally ditch them for good.

I guess this is not their first data breach because Its seems like I saw something on their website last year. Good thing I never had anything with them and there have always been advice against using ledger here.
Most(if not all) CEX usually makes this same statement I guess I won't be wrong believing they have also suffered a data breach.

[sokani]

Thank you for the info. Since ledger announced plans to dish out a cloud-based private keys backup service, all has never been the same with hardware wallet giant. It has been making the headlines for the wrong reasons. The wounds from the GitHub library exploitation is still fresh in the hearts of many, now there's a security breach of customers email and there's the tendency that some unsuspecting persons might take the bait. Ledger really socks at security.

[Kelward]

Once again Ledger is in the limelight for a wrong reason again. I think the last connectkit saga or let me say hackers definitely got some information from ledger and they are definitely using it. The thing is ledger themselves are aware of this phishing scam because they issued a warning against email scams. Maybe it’s time to finally ditch them for good.

Crypto related hacks are a normal trends now, it's not surprising that you'd wake up to hear that an exchange or wallet has been hacked, hackers are not resting in upgrading their tactics, neither should we relent in being security conscious regarding any affairs on the internet. As this ledger email hack has come up to limelight again, it'll be very important for it's users to diligently verify and be sure of authenticity of information before clicking anything to avoid scams.

[Lucius]

I received an email to update Ledger wallet, but basically it is a fake email and the purpose of this email is phishing attack. And the email I received it on is the email I used once on the Ledger wallet website to participate in a promotional event. That means the data that was leaked from the Ledger wallet website is now being used by hackers to target Ledger wallet users.
~snip~

This is nothing new, the Ledger database was hacked a few years ago and it is not only about e-mails, but also about 300 000 of their users where all the data (name, surname, address and phone number) was leaked. But their CEO Pascal (lord of the rings) claimed not so long ago that this is not a problem and that most users did not even notice it.

Those who only receive phishing emails should consider themselves lucky, the rest can never rule out the possibility that they will become victims of even a physical attack.

[Dunamisx]

Once again Ledger is in the limelight for a wrong reason again. I think the last connectkit saga or let me say hackers definitely got some information from ledger and they are definitely using it. The thing is ledger themselves are aware of this phishing scam because they issued a warning against email scams. Maybe it’s time to finally ditch them for good.

I can't just believe the way things have just changed with the use of this hardware wallet called ledger, once it was well recommended, but now it's no longer trusted for use because of this kind of experiences and the trust level with the use of this wallet, when there's no privacy anymore secured with ledger, data bridge and many loophole has been used to ruin the acceptability of this wallet, thanks for sharing all this piece of informations.

[Yamane_Keto]

Since Ledger Wallet announced the possibility of sharing email with third parties, it was better to use a temporary email with all of their services. Having your data reach a third party will increase the possibility of it being leaked, hacked, or sold without there being a legal issue for Ledger.
There is no real benefit to using a personal email with their services, and it is best to stop using their hardware wallets.

[mk4]

Hackers/scammers will ALWAYS be making schemes or ways of tricking people because hacking hardware wallets is where they'll likely get high amounts of stolen funds. This(and scams in general) won't change as long as humanity exists.

Also: if you've been getting a lot of scam emails, it's a sign that you need to change email addresses.

[Porfirii]

I agree that their data leak a couple of years ago was very disappointing, and that recovery service is far from the idea hodlers have about holding one's keys oneself and being our own bank. But why the advice to stop using Ledger devices? as long as you use them the way you should, I still think they are good products.

[Learn Bitcoin]

Since Ledger Wallet announced the possibility of sharing email with third parties, it was better to use a temporary email with all of their services.

How would a user know that the emails and data were compromised? Ledger Wallet announced the possibility of sharing emails with third parties once they were already compromised. That means the users already registered with their email. How they would know that the ledger could be hacked and they should use a temporary email? Old ledger wallet users already abandoning their wallets.

For new users who are looking for a hardware wallet, I don't think people would choose a ledger wallet after all those sagas. There was too much controversy about their services. There is no reason someone would still use ledger wallet after knowing all these things.

[Lucius]

~snip~
Also: if you've been getting a lot of scam emails, it's a sign that you need to change email addresses.

If you use an e-mail that has good spam detection, most of such messages will go to the spam folder anyway, where they will be automatically deleted after some time. For those messages that still make it into the inbox, you should simply mark them as spam and in that way help other users not receive them in the inbox.

I'm not sure if there are certain words that can be added to spam filters in some e-mails so that you practically prohibit receiving e-mails that contain content that we are not interested in. For someone who does not own a Ledger or some other HW, I see no reason to receive any e-mails related to the same, especially if it is possible phishing/malware links.

[tranthidung]

I received an email to update Ledger wallet, but basically it is a fake email and the purpose of this email is phishing attack. And the email I received it on is the email I used once on the Ledger wallet website to participate in a promotional event.

Have you ever checked your email address with https://haveibeenpwned.com/ ?

It's possibly that your email will be marked as pwned.

I don't use Ledger wallet and don't know their condition to join Ledger promotional event, it's helpful if you share that is it opened for everyone or is it restricted to Ledger users only.

Because if it is opened for everyone, and you want to join it, you must use your throw away email or not important email to join events. If you use your main email to join events around many platforms, you expose yourself to many potential risk.

[mk4]

If you use an e-mail that has good spam detection, most of such messages will go to the spam folder anyway, where they will be automatically deleted after some time. For those messages that still make it into the inbox, you should simply mark them as spam and in that way help other users not receive them in the inbox.

I'm not sure if there are certain words that can be added to spam filters in some e-mails so that you practically prohibit receiving e-mails that contain content that we are not interested in. For someone who does not own a Ledger or some other HW, I see no reason to receive any e-mails related to the same, especially if it is possible phishing/malware links.

I mostly agree with you, but if you have an email that has been leaked through the Ledger email database leak, it's pretty much a lost cause; and I'm telling this from experience — you're simply just going to get everything thrown at you.

[Rikafip]

I mostly agree with you, but if you have an email that has been leaked through the Ledger email database leak, it's pretty much a lost cause; and I'm telling this from experience — you're simply just going to get everything thrown at you.

Those who got their email exposed via infamous Ledger database leak should have got rid off those emails as soon as it happened. At least that's what I did after the leak and when I started getting those phishing emails. Problem solved.  

[tyz]

And the email I received it on is the email I used once on the Ledger wallet website to participate in a promotional event.

It is not necessary that the email comes from the promotion campaign. As is known, Ledger was hacked some time ago and the data of the users who had ordered from Ledger was stolen, including the email addresses. Therefore, phishing mails that explicitly target Ledger customers are not uncommon. There was a complaining post here some time ago of a user, because he receives phishing mails targeting Ledger almost daily.

[LTU_btc]

Those who got their email exposed via infamous Ledger database leak should have got rid off those emails as soon as it happened. At least that's what I did after the leak and when I started getting those phishing emails. Problem solved.  

It's good if it was your secondary email, it's easy to replace it. But if you used it as your main email with all your contacts, work emails, important sign ups and etc, then it's a bit more problematic to start everything from scratch.
I'm getting such kind of emails often, but I barely notice it because almost always it goes to spam folder. Often even legit messages from Ledger goes there .

But their CEO Pascal (lord of the rings) claimed not so long ago that this is not a problem and that most users did not even notice it.

If it's minor issue, I'm wondering what would be serious problem for them. I hate when companies trying to pretend that everything is fine when everything is just burning and they think that their customers are fools who don't understand what's going on. Sometimes I think that it would be better to send message and admit "Yes, we f*cked up"

[albon]

It's good that you posted this topic here on the beginners' board, as there might be newcomers in the field who trust email messages blindly, thinking that fake and scam messages might only be transferred to the spam folder. However, these scam messages might also appear in the inbox. Therefore, before anyone rushes to click on any link in the received emails, they should verify the sender's email and confirm the authenticity of the message from official accounts on social media, whether it's for Ledger wallet or any other hardware wallet. It's better to avoid clicking on any links in suspicious emails or downloading any files or documents. Instead, rely on accessing official websites directly. Also, it's advisable not to use the primary email for all websites and exchanges, and avoid showing it publicly.