• Fake Ledger emails trick users into enabling a fraudulent “Clear Signing” feature.

  • Biggest loss: $32M in spWETH stolen via a phishing attack on Sept. 28.

  • Phishing scams stole $46M in crypto in September, targeting 10,800 victims.

Phishing attacks are an increasing threat in the bitcoin business, with over $46 million worth of cryptocurrency stolen in September. A fresh wave of phishing emails is circulating, seeking to steal Ledger customers' cryptocurrency assets.

Scam Emails Target Ledger Users with Fake ‘Clear Signing’ Feature

A new scam consists of fake emails being sent to Ledger users, encouraging them to enable a phoney security function called "Ledger Clear Signing" by October 31, 2024. These emails, not originating from Ledger’s official domain, state that activating this feature is required to keep using a Ledger device after November 1. The deceptive email claims that this function is essential for safeguarding users' funds from phishing attacks and other scams.

https://twitter.com/fr0gger_/status/1846020954935504916

The phoney emails include a malicious link that takes them to a bogus website claiming to be Ledger. The website invites users to share sensitive information, placing their valuables at danger of theft. Crypto users should avoid clicking on suspicious websites and providing personal information to unknown sources.

Phishing Scams are Targeting The Crypto Sector

Phishing attacks are on the rise in the cryptocurrency field, with scammers getting more creative in their methods. Crypto hardware wallet users, such as those who own Ledger devices, are frequent targets of these scams. In May, a trader lost $71 million worth of cryptocurrency in one of the most high-profile phishing attacks of the year, after being tricked into sending 99% of their funds to an attacker’s wallet.

The most recent phishing wave, described as a “very clean Ledger scam” by Microsoft senior threat researcher Thomas Roccia, highlights the ongoing risks for crypto users. Roccia noted that the link in the phishing email redirects users to a URL completely unrelated to Ledger.

Over $46 Million Stolen in Phishing Attacks in September

September saw a surge in phishing attacks, with an estimated $46 million worth of cryptocurrency stolen from approximately 10,800 victims. The largest reported loss occurred on September 28, when a phishing attack drained over $32 million worth of spWETH using a permit phishing signature.

Crypto users are encouraged to remain vigilant, particularly in light of the growing threat posed by phishing attacks. Scam Sniffer, an on-chain security firm, reported a 215% rise in crypto phishing attacks in August, with $66 million stolen, largely due to a single large-scale phishing attack that claimed $55 million from a victim. 

The post Ledger Users Face Malicious Email Scam Promoting Fake Security Feature appeared first on Crypto News Land.