[ad_1]
Cybercriminals sent physical wallets of fake cryptocurrencies to clients of management company Ledger, masquerading as the company, to gain access to user accounts and thereby steal their digital assets.
The company reported the phishing practices on its website, where it shared images showing crooks sending letters to customers posing as the company and advising them to transfer their information to a company. new device connected to keep their information secure.
“Phishing attacks are, unfortunately, too frequent a threat when we use the Internet,” he warned, entering the official page where there is a section that gives a series of recommendations to avoid victims of cyber deception.
The scam takes advantage of a massive information breach the company suffered in 2020, in which hackers shared the information of more than 270,000 customers. on the RaidForum forum.
BipComputer He first reported this scam last Wednesday, taking a testimonial from a Reddit user who said he received the letter and the device.
The fake devices, which are also mailed, masquerade as the management company’s physical cryptocurrency wallets, Physical key chains that store the password to access a cryptocurrency account.
These appeared in legitimate-looking boxes, according to the company, in its Nano version. The instructions on the box state that the user should connect the USB to a computer, open a file, and run a fake Ledger Live application.
Thus, the user is prompted to enter the 24-word password to recover the accounts, after which the crooks take control of the user’s account and cryptocurrency wallet.
The company warned that it never asks its users for a 24-word password, and that its physical wallets never run apps or download from its platform.
In addition, the company insists on its website and social networks on the need to never share the password to avoid the theft of data and crypto-currencies.
“If you receive a suspected communication from Ledger via SMS, WhatsApp, Telegram, phone call or postal letter, assume it is a phishing attempt, report it as spam and block the sender.” , warns the company. that it communicates only by email and its official channels on the networks. And beyond the communication it establishes, we repeatedly notice that no one should ask the user for their password, not even the company, and that is why they should never grant it.
(With information from Portaltic)
KEEP READING:
[ad_2]
Source link