Ongoing phishing campaigns
Phishing attempts are targeting Ledger customers.
Phishing attacks are unfortunately an all too common threat when using the internet. This page aims to make a list of some examples of phishing attacks we have received at Ledger targeting our customers. If you have any doubts about the authenticity of a communication from Ledger, you can refer to the list below highlighting some recent phishing campaigns.
Phishing websites shutdown last month: 101
Social networks : 226 = 216 Twitter, 6 telegram, 3 facebook, 1 Linkedin
Never share the 24 words of your recovery phrase with anyone under any circumstances.
Even with Ledger or what you would think is coming from Ledger. Ledger will never ask for them. You should never enter your 24 words anywhere else than into your device.
Only use the official download page for Ledger Live.
The Ledger Nano is not a USB device. It does not contain any application to download and install on your computer.
The only way to download the Ledger Live app is by using the official download page here.
How to prevent being scammed from phishing?
Never validate a transaction on your Nano if you are not the author of this transaction.
Scammers will ask you to download a fake Ledger Live application that will trigger a transaction on your Nano. You must absolutely reject that transaction.
Ledger cannot and will not deactivate your device.
Some phishing attempts are pretending Ledger 'deactivate' or 'block' your device for KYC reasons. Ledger is not in a position to 'block' or 'deactivate' your device. Any request asking you to do this is bogus.
Always make sure that you interact through Ledger’s official channels
Be cautious, fake domain names are sometimes very close with a subtle spelling difference such as "legder", "leqder", "ledqer", "lèdger" or "ledgёr".
Please also be aware of what you may think is a ledger.com domain name but is in fact not!
See for example: ledger.com-a42-encryption-m6-email.rg37-s8-smtp (dot) cloud
Authentic Ledger domain names are:
Ledger will never contact you via text messages or phone call.
As soon as you receive a so-called Ledger communication via text message, WhatsApp, Telegram, phone call or postal letter, assume that It is a phishing attempt, report it as spam, and block the sender.
Ledger will only communicate via email and official social media channels :