Scammers have abandoned traditional phishing methods to use physical mail as their new tactic in attacks.
Scam exploits the 2020 data breach that exposed over 270,000 users’ personal information. The security of Ledger hardware wallet users has come under threat because scammers are now sending deceptive mail letters demanding users disclose their vital seed phrases. The fake official documents in which Ledger’s name appears try to obtain users’ digital asset keys by pretending to require security updates.
Phishing Goes Offline as Scammers Resort to Traditional Mail Tactics
Tech commentator Jacob Canfield reported on a new scam using physical letters that closely mimic Ledger’s official correspondence. The fake letters display official Ledger company elements such as their logo and business address information. They also include reference numbers to create an impression of authenticity.
The letter directs users to scan a QR code, followed by entering their 24-word recovery phrase to complete what seems like a vital security update verification process. These letters threaten restricted wallet access and fund blocking if users fail to execute their mandatory validation procedures.
The 24-word seed phrase functions as the master key for cryptocurrency wallets. This is because anyone who possesses this information can fully control the digital assets associated with it. Ledger continues to state that the company does not seek recovery phrases through any communication channel.
Ledger will not contact you through phone calls or direct messages, or request your 24-word recovery phrase. The company warned through its statement that any request for recovery phrases indicates a fraudulent attempt.
A recent scam may be linked to a major data breach that occurred in 2020 when attackers exposed the personal information and home addresses of more than 270K Ledger customers. After the security breach, some Ledger users discovered that their cryptocurrency had been stolen through tampered devices sent through the mail during 2021.
Users of cryptocurrency need to stay alert against sophisticated attacks because legitimate hardware wallet providers never ask for seed phrases.