The Battleground Against Phishing Attempts
Read the article#StopTheScammers
Ongoing phishing campaigns
Phishing attempts are targeting Ledger customers.
Phishing attacks are unfortunately an all too common threat when using the internet. This page aims to make a list of some examples of phishing attacks we have received at Ledger targeting our customers. If you have any doubts about the authenticity of a communication from Ledger, you can refer to the list below highlighting some recent phishing campaigns.
Never share the 24 words of your recovery phrase with anyone under any circumstances.
Even with Ledger or what you would think is coming from Ledger. Ledger will never ask for them. You should never enter your 24 words anywhere else than into your device.
How to prevent being scammed from phishing?
Never validate a transaction on your Nano if you are not the author of this transaction.
Scammers will ask you to download a fake Ledger Live application that will trigger a transaction on your Nano. You must absolutely reject that transaction.
Ledger cannot and will not deactivate your device.
Some phishing attempts are pretending Ledger 'deactivate' or 'block' your device for KYC reasons. Ledger is not in a position to 'block' our 'deactivate' your device. Any request asking you to do this is bogus.
Always make sure that you interact through Ledger’s official channels
Be cautious, fake domain names are sometimes very close with a subtle spelling difference such as "legder", "leqder", "ledqer", "lèdger" or "ledgёr"
Please also be aware of what you may think is a ledger.com domain name but is in fact not!
See for example:
ledger.com-a42-encryption-m6-email.rg37-s8-smtp (dot) cloud
Authentic Ledger domain names are:
@ledger.fr
@ledger.com
@ledgerwallet.com
@ledger.zendesk.com
Ledger will never contact you via text messages or phone call.
As soon as you receive a so-called Ledger communication via text message, WhatsApp, Telegram, phone call or postal letter, assume that It is a phishing attempt, report it as spam, and block the sender.
Ledger will only communicate via email and official social media channels :
twitter.com/ledger
facebook.com/ledger
instagram.com/ledger
Learn more about phishing campaigns
Anatomy of a Phishing Attack
Read the article
How to keep your crypto safe against scams
Read the articleWant to help us or report a phishing campaign?
If you have any doubt about the authenticity of the communication you received or the domain name or the sending address you received the communication from, you can always contact our Customer Support.
If you think you have received a fake communication from a third party impersonating Ledger, you can report it here.
If you want to report a fake X (Twitter) account impersonating Ledger or its employees, you can use this link.
NB: This will be reviewed by our team and help us flag more phishing examples on this page. However please note that there won’t be an individualised response to emails sent to this address. If your query requires a response from Ledger, please contact our Customer Support.
If you have received a phishing attempt or if you are aware of an illegal website, please report it to Google Safebrowsing. The more we report these illegal websites to Google, the more difficult it will be for scammers to deceive our Ledger users.