How much is the Phish?

in LeoFinance2 months ago

I got an email about an hour ago from Ledger, telling me of a security breach requiring an update. Yeah, there was a security breach, but this sounds "phishy". Others might have come across this before, but with the bullrun in full swing, it is good to be extra cautious. This is especially true for people like me - tired people.

Security is crucial in crypto and there are a lot of scammers out there trying to get your hard-earned coins and, they are pretty clever at times, preying on the people who are either greedy (like those Discord messages full of emojis target) or, fearful of being compromised.

image.png

Firstly, I am tired - but not that tired and when it comes to security, I try to be on the ball. However, it isn't always simple and some of the signs are easy to miss if not paying attention.

Firstly, Ledger was indeed hacked back in July and while the tokens were safe, user data was stolen on 270,000 customers.

image.png

That data was then dumped onto Raidforum in December, making public user data.

image.png

So,

Here is the email from tonight and as you can see, it didn't come from ledger, it come from some other random website and sent using a mail delivery system.

image.png

Phishy.

image.png

we have included your full name for the authenticity of this message

piss off.

Now it's technically impossible to protect your wallet without this update because we do not store anything of this in our server.

What kind of company would send out this kind of grammar?

It only takes two minutes, but after that you will be sure that your wallet is safe.

Safely in your hands - pricks.

Phishy, Phishy

image.png

And then I went to the link to see what was going on.

Firstly, that ain't Ledger.

We recommend our clients to exercise caution -- always be mindful of phishing attempts by malicious scammers. To put it simply, you should never share your 24 words.

That makes sense

Only Ledger can ask you for the 24 words of your recovery phrase.

But, but.... you said to never....

Phishy, Phishy, Phishy Phish!

Never. Ever. NEVER!!!

While I know that many people would quickly recognize this as a scam, I know quite a few who haven't caught these kinds of things and have lost their keys and quite significant amounts of crypto. Similar things happen on Hive where people have given their master keys to strangers in discord or, have used their master to log into websites that look authentic.

When it comes to security, be very aware save the trusted sites as bookmarks rather than typing in and, be very, very careful with links given that require a login, even if it is from someone you know and trust, because they might not have picked up on the scam either and unknowingly roping more people in. Your keys are your responsibility and if not careful, they can be tricked from you and before you know it - all that you have worked for is gone.

I think considering security is even more salient when price is going up on Hive, as it will attract all kinds of scaammers into the community and because it is socially powered, there is a lot of potential for those who are not cautious to get scammed, and have their potential future of financial security gone in 60 seconds.

While you can hate the scourge of scammers, the sad reality is they exist and they come in many forms so please, as exciting as this all is, when it comes to security - be vigilant.

And make sure that the Phish costs you nothing.

Taraz
[ Gen1: Hive ]

Posted Using LeoFinance Beta

Sort:  

I get these regularly also, I am very disappointed with ledger for the security lapses. But they did go the extra mile to inform their customers.

Ledger is still my go to offline wallet.

This was the first for me, unless the spam filter got the rest. I should check.
I don't mind the Ledger, though the storage on it is abysmal - I think the newer ones are better, but only having oe or two apps at a time is silly.

Posted Using LeoFinance Beta

I am always amazed at the audacity of the scam. I guess the lesson is 'don't be subtle, you are only going to get the lowest hanging fruit only'.

You'd think that only a few months after such a notorious data breach wouldn't be enough time for people to get complacent again. Sigh.

I watched the video. I'm not quite sure how a pretty girl vs the worlds slowest motorcycles is germane to the topic at hand, but I'll take it. Sorta. Pretty girls make up for a lot of technical deficiencies. Maybe they ought to get pretty girls into the phishing mix?

Subtle requires too much work - the bad spelling and form of Nigerian prince scams is that way on purpose, as it filters the replies. Most people will see it as a scam in an instant, but it is those few who don't that they are after. They don't have time to spend hours trying to convince someone, they need them already bought in.

Did Scooter never make it to the states? :D

Posted Using LeoFinance Beta

Those bastards have already sent me several emails.
I took a look at Andreas Antonopolus video a few weeks ago and it actually makes you think of all the different measures we all should put in practice to keep our privacy more secure, just purchasing any online product and have it sent home puts is a potential exposure of our private information. I recommend watching it to all those who have not done it yet.
Here's the playlist he created out of the original video.

Thanks! I will check it out.

Posted Using LeoFinance Beta

The two links they mention in the video and included in the description are very helpful to check if your email has been compromised.

A lot of people receive messages after the two data leaks. One was from Ledger itself and the other one was from a web shop.
Apart from phishing you also see extortion mails of the attackers. Cybercriminals threaten their victims that they know their victims have large amounts of cryptocoins and they know where they live.
Sad but true.

When you buy hardware wallets online you could ask the reseller to remove your personal info after you receive your hardware wallet. This way your personal data cannot be abused when data gets leaked or hacked.

Posted Using LeoFinance Beta

A lot of people receive messages after the two data leaks.

Yep, this is the first I got for Ledger. I figure they probably di it in rounds and there are several groups doing it. With so many new people coming into crypto the last year, they are going to catch someone.

When you buy hardware wallets online you could ask the reseller to remove your personal info after you receive your hardware wallet. This way your personal data cannot be abused when data gets leaked or hacked.

Will they do it though? :D

Posted Using LeoFinance Beta

In Europe we have the GDPR (General Data Protection Regulation). This law gives persons more rights over their data companies store of them.
One thing is the right of deletion.
I know a lot of other countries have similar laws, so yes, they should carry out your request for removal.

Posted Using LeoFinance Beta

Yes I know this, but I always suspect that companies are less effective at it than they should be. I have seen quite a lot of evidence that even when they try, they aren't successful at washing it all. Will be interesting with BC later.

The odds are in their favor TBH. Am sure they send these out to thousands of users, and unfortunately a few gullible people are bound to fall into their trap. Bastards

There are always some takers - either the gullible or the tired :)

Posted Using LeoFinance Beta

I hate these people. The time and energy they spend trying to fuck people over, it makes me mad and sad.

Nicely swerved, and a finders fee for reporting, bonus!

It is really easy for people to not pay attention and some phishers are very clever. I think that non-native English speakers are more likely not to pick up the language stuff, so are more at risk perhaps.

Finders fee is nice - it might save someone a lot more than that :)

Well, at least they did not threaten to sue you unless you resolved the problem...PayPalLikeDudes have been doing this to local and less spam protected e-mail domains that certain acquaintances of mine still use. I usually make a mouse over to verify the url that the browser would usually show bottom left but when you're on their territory, a mouse over can be coded to effectively be the same as a click. I think. My info is based on reading old coding guides...For Dummies while sleepy.

Aye, grammar often tells a different tale. Still, one they, one of those bold guys will know the language well enough...

The sad thing is...numbers make these scams work. If 99 % would not fall for it, 1 % will. Send to 1000 and that's 10 hits, etc.

Yeah, it is a numbers game, like spam and Nigerian prince scams. They send it out 270,000 times and if only that 1% bite, they get hold of 2700 wallet with who knows how much value inside. Large wallets aren't necessarily held by security conscious people.

Posted Using LeoFinance Beta

Ah, man...I guess I'm luckier than most. It'm usually mailed by Ethiopian princesses or other beauties from their league.

I had someone hit me with a phishing text once, early in the morning right as I was waking up. It was amazing the timing on when it was sent, almost like they were watching me wake up. Long story short, I clicked on a link that looked legit to my groggy self and promptly realized after I had entered my password, which was rejected, that I had been successfully phished. I woke right the fuck up and ran into my office to change my password. Probably took less than 2 minutes between when I entered the password on the phishing site and changed the password on that account. I got there in time and they didn't get into my account luckily, but whew was that close. I remember Cliff High saying he got hit with a credible phishing attack on the same morning from a source in the Philippines. I checked the whois on the link and it was also from the Philippines, so may have been the same one being blasted out to crypto enthusiasts. Goes to show that no matter how good your security measures are, there's always the human vulnerability factor. Need to stay ever-vigilant against social engineers.

Human vulnerability is probably the biggest threat to security. Our memories are bad and we aren't always on our best game. I am glad that you were able to get in time as it would suck to get drilled for being sleepy.

Posted Using LeoFinance Beta

I just got scamed for 50$ a few weeks back and it was all my fault, but I rather listen to some dutch music

What got you?
Dutch music - Hardcore from Rotterdam?

Posted Using LeoFinance Beta

Exabit is what they are called, I wrote about it , because 2000% ROI... I was drunk but still ashamed of the greed....

I dont do Dutch Hardcore Techno, I might be stupid, but I ain't no lunatic ;D

Some people deserve to be beaten over the head with a large trout.

plus a salmon and a tuna

Posted Using LeoFinance Beta

I'm guessing you didn't waste a lot of time on irc in the early days? :D

possibly specifically using the mIRC client

Thanks for the info, those that would give out any passwords, private keys, name, and even the color of their f--king eyes, needs to get it together,
At this time, in the infancy of crypto it's like the WILD WEST, and you had better be packing (your wallet)

Yeah, some people are too trusting or too "something" at times :)

Posted Using LeoFinance Beta

I feel like I might have missed something. I got my first Ledger about a month ago and I don't remember having to give them any information at all. Nothing that they would have been storing in a database. It makes me wonder if I didn't fully register my device properly or something. It appears to be working fine, but like I said, I don't remember ever having to put in a email address or anything like that.

Posted Using LeoFinance Beta

Poor those who gave away their phrase....

The grammer and misspellings always seem to be a red flag.

"is within those affecting by the breach"

Smfh...