After a major leak of email and personal information earlier this year, Ledger customers are experiencing a surge in phishing attempts.
Phishing attempts and scams against Ledger wallet owners are on the increase with one such scam netting more than 1,150,000 XRP from its victims.
The scam used a phishing email that directed users to a fake version of the Ledger website that substituted a homoglyph in the URL — in this case a letter that looked like the letter ‘e’ but wasn’t. On the fake site, victims were fooled into downloading malware posing as a security update which drained the balance from their Ledger wallet.
I got a txt message last night with my full name saying ledger security alert….to download the security update. Deleted it instantly
— Kris Leslie (@Krissy1097) November 2, 2020
According to community run fraud awareness site xrplorer, the XRP collected from the scam was sent to Bittrex across five deposits, but the exchange was “unable to seize [the XRP] in time.”
In a similar ongoing scam, a phishing email that appears to be sent from the official account for “Team Ripple” appeals to Ledger users by offering an XRP giveaway to “whitelisted addresses” as part of a “Community Support Program.” The registration process involves handing over your Ledger seed phrase or crypto private key in order to qualify for the non-existent program.
In an email to customers sent on Jul. 29th of this year, Ledger acknowledged that it had been the victim of a data breach in which close to a million email addresses were compromised, along with the personal details of a subset of 9,500 customers. Although the vulnerability leading to the leak on the Ledger website was quickly patched, the damage had already been done, and scammers appear to be coming up with creative ways to use the addresses to trick Ledger users into giving up their coins.
The idea of crypto credential phishing via homoglyph-containing URLs is not new and scams employing this tactic have been targeting XRP holders across the course of the entire year, even before the email leak.
In 2018, scammers set up a fake Binance site, complete with an SSL certificate. However eagle eyed users noticed the ‘n’ had been replaced with a version that included an underdot (ṇ).
In March, creators of a fake Google Chrome extension for Ledger managed to steal 1.4 million XRP in less than a month.
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.