Ledger users are under attack and targeted by a phishing scam (here is a link to understand the anatomy of a phishing attack).
Kraken Security Lab has done a great job of describing what’s going on, and we appreciate their help in this matter.
Today, we want to let you know that Ledger is fighting hard to defeat the scammers. But we also want to let you know that we’ll be stronger together.
Help us #StopTheScammers.
The two main ideas to take away from this post are:
- NEVER SHARE YOUR 24 WORDS WITH ANYONE. EVER.
- HELP US TAKE THE SCAMMERS' WEBSITES DOWN
The best way to stop the scammers is to take their websites down as quickly as possible. Here’s how you can help:
- Spread the word: talk to your friends and your communities and let them know that they must never share their 24 words with anyone under any circumstances. Ledger will never ask for their 24 words. No one should ever ask you for your 24 words… It’s a secret that only you should know!!!
- If you have received a phishing attempt or if you are aware of an illegal website, like the ones above, please report it to Google Safe Browsing. The more we report these illegal websites to Google, the more difficult it will be for scammers to deceive our Ledger users.
- If you have received a phishing attempt, you can file a complaint with your local criminal authority.
Phishing scams are one of the critical problems in cybercrime. The Ledger community will be better protected if we all work together.
When you find a scam, report it to the community: #StopTheScammers.
We understand the stress and uncertainty these phishing attacks may be causing you. We want to assure you that our team is doing everything in our power to stop these attacks.
What is our team doing?
- Members of our Donjon security team are continuously tracing the scammers’ new website URLs, so that we can share the necessary technical information with the relevant authorities.
- Managing and updating an on-going criminal complaint through the French Public Prosecutor to enable the police force to identify and prosecute those responsible.
- Subpoena request forms in the US and in France to obtain from internet intermediaries and communications operators full disclosure of the identity of those responsible.
- Reaching out to international cyberdefense organizations to bring the case to their attention. This is a way to increase the magnitude of this complaint by using these international cyberdefense organizations' enormous and transnational capabilities.
- Our internal and external brand protection teams are reporting illegal websites to the registrars' abuse contacts. Within the last few weeks, 87 websites have been reported and 42 have been shut down. Some registrars fail to be reactive, which explains why websites are still active despite Ledger notifying them several times following the abuse procedure.
- Communicating with our customers and community, answering thousands of questions and updating users with new information as it is available through our support center, Twitter, Facebook, email, Reddit, etc.
We will be stronger together.