More Fake Ledger Emails Doing the Rounds

Reading Time: 2 minutes
  • Another fake Ledger email is doing the rounds
  • This one advises users to upgrade their software “as soon as possible” and provides a link
  • Ledger customers have been seeing regular emails ever since Ledger’s customer database was leaked in 2020

Another round of fake Ledger emails has started to do the rounds, with the latest being another attempt to get affected users to download a compromised version of the hardware wallet’s software, Ledger Live. Such attacks had dwindled in recent months, but it seems that attackers still feel that, getting on for two years since the personal details of over 290,000 customers were leaked online, there are still some out there who might be susceptible.

300,000 Customer Details Leaked

Ledger’s woes on this matter date back to May 2020 when it suffered the first of a number of security breaches which saw hackers obtain customer details from hundreds of Shopify clients, including Ledger and Trezor. Ledger denied the leak, reducing it to “rumors spreading” and said that the data from the hack didn’t match their own records.

This, however, was just the start, and a series of leaks that year ended with the names, addresses, email addresses and phone numbers of almost 300,000 customers leaked online. Those individuals have since been peppered with emails, texts and even letters using various methods to try and get affected users to hand over the contents of their crypto wallets.

Fake Live Ledger Update is Latest Attempt

The latest, which arrived this week, is another attempt to get Ledger users to update Ledger Live, the software used by the wallets, with a fraudulent version that will steal any funds you have on the wallet:

ledger

We can tell this is a fake for a number of reasons:

  • The subject, [email protected], is nothing like what you would find on an official email on the subject of security
  • The email comes from [email protected], which is clearly nothing to do with Ledger
  • The email contains a link to a Ledger Live update, whereas genuine emails from Ledger ask you to update within the app itself for security reasons and will never provide a link to an individual download
  • The email contains a ticket number, despite users not having created a ticket on the matter, which they wouldn’t have done anyway if they didn’t know about the ‘upgrade’
  • The email urges users to take action now “to maintain the security of your assets”, which is a common scammer tactic

As usual, just spam it or delete it and take a few moments to curse Ledger once again for not taking your personal safety seriously.

Share