Ongoing phishing campaigns

Physical mail prompting users to scan a QR code or visit a website

Users are receiving physical letters in the mail. The letters vary in format and subject matter, but they all prompt individuals to scan a QR code and/or go to the website mentioned in the letter, and follow the set of instructions. Ultimately, users are requested to enter their 24 words. Remember: Never enter your 24 words – there is no good reason to type your recovery phrase into a computer. Anyone that has your recovery phrase has full access to any account that has been created using it.

Below are a few photo examples of this scam variant:

Another recent letter claims that Ledger has opened vault addresses for specific users. It implies but does not directly state that you should send funds to various wallet addresses in order to “vault” your crypto. This is of course not true, and you should never send cryptocurrency to an address you don’t know.

Malicious actors contacting Ledger users via phone calls

The key takeaway here is that Ledger will never contact users via phone call, for any reason. No matter how convincing the person may seem, always remember that there are no circumstances where it would be necessary to provide your 24 word recovery phrase. Any attempt to gain this secret information is an attempt to steal your funds.

If you ever find yourself on the phone with someone claiming to be from Ledger, immediately hang up and ignore further contact attempts.

We’ve seen three primary trends involving unsolicited phone calls:

1. The scammer will open a support ticket using the victim’s email address, which will prompt an auto-confirmation message from Ledger support’s ticketing system. A follow-up call is immediately performed by the scammer. This lends credibility to the scammer, who will claim that a user’s account has been compromised or other similar fake scenarios. If an unsolicited Ledger Support email is ever received, please respond to that automated confirmation email to let our team know that you did not initiate the request. 
2. Scammers have been impersonating CoinCover employees, a partner of Ledger for the Ledger Recover product. They will call a user and claim that they are following up on a request to recover a Ledger device. The Ledger Recover product requires intentional opt-in and a subscription, and in many cases, the user does not actually have a subscription to the service. Similarly to the above, CoinCover would not contact a Ledger Recover subscriber without a request initiated directly by you.
3. A caller that claims that an attempt to recover a user’s Ledger account was made in a foreign country. In crypto self-custody, such a thing would not even be possible. If someone has access to a recovery phrase, they have complete access to all accounts derived from it, and there is no way to alert the true owner of those accounts that a restoration of a phrase took place. It would not be until funds are moved from accounts that any knowledge of that restoration could take place.

This Ledger Support Article will provide more information about this scam tactic.

Fake Ledger Wallet (formerly Ledger Live) application or website

This remains one of the most common scam tactics we see. Fake versions of Ledger Wallet (formerly Ledger Live) can look extremely convincing at first glance. However, users who attempt to interact with one will inevitably receive a supposed “error message” accompanied by a request to input their 24 word recovery phrase. Of course, there is no real issue with the device, its memory, the firmware, etc. It is only an attempt to get the user to type their 24 word recovery phrase.

The only place to download the official Ledger Wallet application is directly from our website at https://www.ledger.com/ledger-live. Please refer to this article to see examples of some fake Ledger Wallet applications/websites we’ve encountered:
Ledger Support Article

Fake Emails

We’ve seen recently that some of our users are receiving emails such as the example below. Always remember to check the email address that an email was sent from, and keep in mind that there is never a good reason to type your phrase into a computer.

In these examples, when the victim of the scam clicks the “Verify Now”, “Secure My Account Now”, or “Claim My Gen 5 Protection Device” button, they are taken to a site where they are prompted to enter their recovery phrase. The recovery phrase is the key to your accounts, and anyone with this phrase has full access to all accounts created using it.

Scam NFTs

This tactic involves a scammer depositing an NFT into a user’s wallet that contains a title intended to trick the user into believing they have won some sort of prize or giveaway. It will also include instructions to visit a specific website to claim the “reward”. NFTs of this nature should be treated the same as a spam email – don’t interact with them in any way. You can simply hide these from your portfolio in Ledger Wallet.

This article will provide some examples of common scam NFTs that are received, as well as instructions on how to properly handle them: Ledger Support Article

Fake social media accounts posing as Ledger

Scammers constantly create fake profiles on social media platforms that can be very difficult to spot as a fake. One key thing to remember is that Ledger will never send users a direct message on social media. Any request to communicate via direct message on social media platforms should be considered a scam attempt.

On top of impersonating our official support accounts, scammers will often impersonate individuals who work at Ledger or have worked at Ledger in the past. These messages can be received as responses to your posts, and they will typically request for you to send them a direct message. They may also recommend to follow up with someone on another social media platform, such as linking an Instagram or Telegram account to contact.

For your security, please treat any message directing you to contact another person on social media, or any attempt to engage via direct message, as a scam attempt. Above all, always remember to never provide your 24 word recovery phrase to any person, no matter what.

Please refer to this article for a full list of our official support profiles on social media:
Ledger Support Article