Scammers pose as Ledger customer support, report a leak of confidential data, and ask you to confirm your recovery phrase.
“To protect your assets, we strongly recommend that you verify the security of your recovery phrase using our secure verification tool,” the attackers said in the message.
Clicking on the attached link redirects users to the Amazon AWS website and then takes them to a phishing page disguised as the official Ledger service.
As you enter each word, the phishing page checks to see if it is one of 2,048 valid words that can be entered as part of the recovery phrase. Moreover, no matter what phrase the user enters, it will always indicate its invalidity. In this way, scammers ensure that victims enter a phrase several times and allow attackers to make sure that the correct words are entered.
BleepingComputer reminded that Ledger never asks crypto wallet owners to provide a recovery phrase and it should not be shared with anyone else.
Previously, to steal crypto assets, scammers tried to convince users of the Ledger hardware wallet to activate the Ledger Clear Signing security feature, which supposedly allows them to automatically double-check smart contract addresses, amounts and commissions.
Source: Bits
I am an experienced journalist, writer, and editor with a passion for finance and business news. I have been working in the journalism field for over 6 years, covering a variety of topics from finance to technology. As an author at World Stock Market, I specialize in finance business-related topics.
