30s Summary
A new email-based scam targeting users of Ledger hardware wallets is circulating, attempting to trick users into activating a fake security service called “Ledger Clear Signing”. The bogus emails, sent from non-Ledger accounts, suggest users must activate this feature to protect against increasingly sophisticated phishing attacks. The deceptive link notoriously takes users to an unrelated website. With a notably sharp rise in these attacks, scammers stole approximately $46 million from nearly 10,800 victims in September 2021 alone.
Full Article
Hey there! Bad news, a fresh batch of bogus emails is swarming Ledger users, trying to swipe their crypto stash. The scammers are hoping to trick users into turning on a fake security feature named “Ledger Clear Signing” by October 31 so they can keep using their Ledger device. Don’t fall for it!
These garbage emails, which aren’t even from official Ledger email addresses, try to get users to open a dodgy link that will supposedly activate this phony feature. They’ll tell you: “To continue using your Ledger device safely, activating Clear Signing is now a must from November 1, 2024. This tool is vital in shielding your assets from phishing attacks and scams that are getting smarter.”
If you don’t know, phishing scams are where tricksters fool people into sharing their account info. If you’re dealing with crypto, you’ll want to veer clear of sketchy links or telling your personal info to strangers.
There’s been an alarming rise in these scams this year. In May, for example, one unfortunate trader was fooled into sending nearly all their funds – a whopping $71 million in crypto – straight to the scammer’s account.
Having a Ledger wallet is super popular, so that makes Ledger users delicious targets for scammers. But this latest email scam is a slick one. According to Thomas Roccia, a bigwig threat researcher at Microsoft, it’s a “very clean Ledger scam.” In a later post, Roccia called out that the scam link takes users to a web address that has zip to do with Ledger.
Even though these scams can look pretty low tech, they’re becoming a serious issue in the crypto world. In September alone, phishing attacks swiped around $46 million from roughly 10,800 victims, says onchain security firm Scam Sniffer. The granddaddy of them all took place on Sept. 28 – it nabbed 12,083 spWETH worth a staggering $32.43 million.
By comparison, in August, a crazy surge of over 215% in crypto phishing attacks resulted in $66 million of digital assets taken from about 9,145 victims. Over $55 million of that was from a single, large-scale attack. On August 20, one unlucky crypto owner signed a transaction changing the ownership of 55.47 million Dai (DAI) in the decentralized finance protocol Maker. Gulp!
Be safe out there, folks!
Source: Cointelegraph