If you have any online footprint related to crypto, you probably got a phishing email at least once.
Ledger wallet owners have been under attack from scammers through most of 2020. Ledger wallet customers have been debating whether Ledger sold their data. Ledger finally admitted in December 2020 that the company suffered a data breach in July 2020 and customer data are being sold online now.
In this article we are going to list out the most dangerous phishing techniques you’ll come across.
We are also going to touch on the subject of why phishing works even though EVERYONE knows they should not click on links in suspicious emails.
And lastly we will give you a couple of easy tricks to improve your protection against phishing. They are not anything technical.
Crypto Phishing Techniques Targeting Wallet Users
Since mid-2020, the Ledger phishing campaign has been most active via email and on the official Ledger Reddit forum.
The emails will typically come from an email address such as legder.com. This is a misspelling of “ledger” but it is barely noticeable at first glance. The email content looks like that of legitimate Ledger emails.
The Ledger phishing scam exists in several variants.
- Sometimes the phishing urges you to download a security update for your Ledger wallet. It will offer a button for you to click to get the update.
- In some variants of the phishing, the link will take you to a website that will ask for your seed. Once you enter your seed there, you lose your crypto.
- Alternatively, it may download a malicious copy of the Ledger Live application that will steal your seed through a more sophisticated method. This is essentially malware.
The same email list has been repurposed to phish Exodus staking wallet users, Electrum users and more.
What you need to know
- Neither Ledger, Exodus nor Electrum ever asks for your seed in any website interface.
- Specifically to Ledger: Updates to Ledger Live can be downloaded through a note that appears inside the Ledger Live app when an update is available. Do not download software from an email link.
- Exodus, Electrum and any other software wallet is always a free software wallet that you can use anonymously. That means, the developers of these wallets cannot know your email address! Consequently, any email that claims to be from Exodus is necessarily a scam.
Why do so many people fall for phishing?
Now for the fun part.
Everyone and their grandma knows we should not click on links in unexpected emails. It has been hammered into our heads for the past twenty odd years.
So why do we still click then?
We are stressed out
Crypto exchange support imposters leverage this extremely well.
Imagine your laptop gets stolen and you can’t find your crypto exchange 2FA backup. You try to open a support ticket from your phone, but the browser wants you to log in first. You cannot do that, so you go to their Reddit or Telegram page and try to get a support rep there.
Like magic, a support staff messages you, happy to assist. It’s someone with the exchange logo in their avatar, it looks legit, you start explaining your problem…Yeah they are not real support staff. They are an imposter trying to lock you out of your account.
But you’re not thinking straight because you have 1000 other things on your mind if your laptop just got snatched. You go with what seems most likely, and fall for the scam.
Solution: Repeat after me - In crypto, if somebody looks like they really want to help you, they are probably a scammer. Count to 5 before you tell somebody anything about any wallet or any account you might have.
We are not yet awake
Scrolling through social media and emails is in fact the first thing we do in the morning. Usually while we are still in bed.
It is extremely easy to click on anything that looks somewhat plausible when you are not yet fully awake. You just don’t really judge very well.
Solution: Ignore any messages that want you to do more than
dislike) until you actually get up.
They sound professional
This is most dangerous during work, because you get a lot of legitimate emails that are like that. Chatting with clients or managers primes you to understand every incoming email as work communication.
This is why the wallet update scam is so successful: It sounds technical, professional, just like any work email.
Solution: Update your wallets regularly. Once a month is fine. Just do it on your own, directly from the wallet app. This way you can relax and completely ignore any wallet update alerts you get by email.
And Btw…How did the cybercriminals find your email address?
A leaked email address is no big deal, as long as you use 2FA everywhere, you are aware that phishing exists, and you use your brain before clicking on any links.
Just in case you’re curious how we came to have rampant phishing campaigns in the crypto industry, here’s a short list of the most common ways crypto enthusiasts’ emails get out there.
- Big crypto companies like Ledger or Coinbase do not sell your data. As explained in the intro, though, there have been breaches that leaked email addresses along with physical addresses.
- Contrary to crypto exchanges, airdrop and ICO people DO sell their email lists. You may want to use a single-serving email alias if you are curious who sells and who doesn’t.
- Sadly, your email could also leak through a marketing agency’s CRM, if it was breached. In this case your email might be known even if you never used it to sign up anywhere because agencies often collect contact data through automated data mining.
- If you run a crypto related blog, your contact email addresses are on every phisher’s list.
You can check if your email leaked through a breach on Have I Been Pwned.