A new wave of scam emails is specifically targeting Ledger users in an attempt to steal their cryptocurrency holdings. These phishing emails aim to deceive users into activating a bogus security feature called “Ledger Clear Signing” before the deadline of October 31, claiming that doing so is essential for continued use of their Ledger device.
The fraudulent emails originate from addresses not associated with Ledger and direct recipients to a malicious link designed to activate this fake security feature. The email contains alarming language, stating:
“To continue using your Ledger device securely, activating Clear Signing is mandatory starting November 1, 2024. This feature is essential in protecting your assets from phishing attacks and fraudulent activities that are becoming more sophisticated.”
Understanding Phishing Scams
Phishing scams are designed to trick users into willingly sharing their account details and sensitive information with scammers. Cryptocurrency users are advised to be vigilant by avoiding suspicious links and refraining from providing any personal information to unknown sources.
Cointelegraph reached out to Ledger for comment but had not received a response by the time of publication.
Phishing attacks have become more prevalent in the cryptocurrency sector. In May, a trader fell victim to one of the year’s most high-profile phishing scams, losing $71 million worth of crypto. The attacker deceived the trader into sending 99% of their funds to the attacker’s address.
Ledger’s hardware wallets are among the most popular in the industry, making their users prime targets for these types of scams.
According to Thomas Roccia, a senior threat researcher at Microsoft, this latest wave of phishing emails is a “very clean Ledger scam.” Roccia pointed out that the scam link redirects users to a URL that is completely unrelated to Ledger, emphasizing the deceptive nature of the attack.
Despite their simplistic tactics, phishing attacks pose a significant threat in the cryptocurrency space.
Financial Impact of Phishing Scams
Data indicates that phishing attacks stole approximately $46 million in September alone from around 10,800 victims. The most significant loss occurred on September 28, when a phishing attack utilizing a permit phishing signature drained 12,083 spWETH, worth $32.4 million.
In August, the situation worsened as crypto phishing attacks surged by over 215%, resulting in the theft of $66 million in digital assets from about 9,145 victims. The majority of this stolen value was attributed to a single large-scale phishing attack that amounted to $55 million.
On August 20, a crypto holder unknowingly signed a transaction that transferred ownership of 55.5 million Dai within the decentralized finance protocol Maker, leading to significant financial losses.
Preventive Measures for Users
To combat the rising threat of phishing attacks, users are encouraged to adopt several best practices:
- Verify Sources: Always check the sender’s email address and be cautious of unsolicited communications that request personal information.
- Enable Two-Factor Authentication: Using two-factor authentication adds an extra layer of security, making it more difficult for unauthorized individuals to access accounts.
- Educate Yourself: Familiarize yourself with common phishing tactics and red flags to identify potential scams quickly.
- Use Trusted Platforms: Only engage with reputable platforms and exchanges to mitigate risks associated with phishing scams.
The ongoing targeting of Ledger users through fraudulent “Clear Signing” phishing emails highlights the evolving tactics employed by scammers in the cryptocurrency space. As phishing attacks become increasingly sophisticated and frequent, it is imperative for users to remain vigilant and adopt protective measures to safeguard their assets.
The significant financial losses reported over the past months underscore the importance of awareness and education in preventing such attacks. As the cryptocurrency market continues to grow, so too will the challenges related to security and fraud, making it essential for all users to prioritize their online safety.