Crazy phishing email coming from trusted ledger email

Hey guys,

I just got this email from supposedly Ledger. Email is 100% a phishing email as it asks me to put in my seed phrase.

Crazy thing is that this actually comes from a trusted ledger email address.

How is this email possible? Forgive my ignorance if this was addressed; I just wanted to share with y’all and warn of this danger.

15 thoughts on “Crazy phishing email coming from trusted ledger email”

  1. The Ledger subreddit is continuously targeted by scammers. Ledger Support will never send you private messages. Never share your 24-word recovery phrase with anyone, never enter it on any
    website or software, even if it looks like it’s from Ledger. Only keep the recovery phrase as a physical paper or metal backup, never create a digital copy in text or photo form. Learn more at
    https://reddit.com/r/ledgerwallet/comments/ck6o44/be_careful_phishing_attacks_in_progress/

    If you’re experiencing battery problems, check out our [troubleshooting guide](https://support.ledger.com/hc/en-us/articles/4409233434641-How-to-troubleshoot-Ledger-Nano-X-battery-issues?support=true).
    If you’re still having issues head over to the My Order page to explore options for replacement or refunds. Learn more here.

    I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

  2. For clarity. The white box with the hyperlink is me hovering over the link so that you can all see where this leads to.

  3. It’s just a spoofed address. If you put the email header in a page to decode it, you can see the true sender.

  4. You can put any text you like in the From field of an email. Some services like gmail won’t let you, or will change it to “On-behalf-of: ” or something. But plenty of direct email clients will let you put anything in there.

  5. Paste the header into this tool.
    You’re looking for pass or fail on the DKIM record.
    toolbox.googleapps.com/apps/messageheader

    Copy paste the address into this tool.
    Does it contain any hidden characters?
    https://magictool.ai/tool/unicode-decoder-encoder/

  6. If any email even mentions the word seed phrase
    You better delete that email and move on.
    It’s that simple.

  7. this email doesn’t look legit at all lol. how can people fall for this? mind boggling. rijara com ? verify your seed phrase? really?

  8. >this actually comes from a trusted ledger email address.

    No, it does not. Anybody can send email with any from address.

    In gmail, you can check the email source in the … menu Show Original.
    It will show the DKIM: FAIL, SPF: FAIL. Which means it uses a faked address.

    Your email client should have similar tools. If not, then get another more secure email client.

  9. It’s important that you educate yourself on how to identify common spoof emails as scammers are getting very good at deceiving potential victims. Although the email appears to be coming from a legitimate source, it’s blatantly obvious that
    a) Ledger would NEVER ask you for your pass phrase or 24-word password
    b) The URL in the phishing email is obviously NOT from Ledger.

    Best you check the “reply-to” email address in the source of the email itself and block it permanently so they can never contact you again.

    Thanks for posting this. Others should make note that leading into the next bull market, these sorts of scams are going to become a common occurrence.

    Stay vigilant people.
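
The header checks suggested in the comments above (SPF/DKIM results, the Reply-To address, hidden characters in the sender address), as an added example that is not part of the original thread. It runs over a constructed message; every domain in it is a placeholder and `triage` is a hypothetical helper name.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not the email from the post); every domain is a placeholder.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=bulk.example.org;
 dkim=fail header.d=ledger.example
From: Ledger Support <support@ledger.example>
Reply-To: helpdesk@mailbox.example.org
Subject: Action required

Verify your recovery phrase.
"""

def domain(header_value):
    """Lowercased domain of the address in a From or Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def odd_chars(text):
    """Unicode names of non-ASCII characters (zero-width, look-alike letters)."""
    return [unicodedata.name(c, hex(ord(c))) for c in text if ord(c) > 127]

def triage(raw):
    """Hypothetical helper: summarise the spoofing signals in one raw message."""
    msg = message_from_string(raw)
    # Trust only the Authentication-Results header your own mail provider added.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    out = {}
    for method in ("spf", "dkim"):
        m = re.search(rf"\b{method}=(\w+)", auth)
        out[method] = m.group(1).lower() if m else "none"
    out["from_domain"] = domain(msg.get("From"))
    out["reply_to_domain"] = domain(msg.get("Reply-To"))
    # Replies going to a different domain than the visible sender is a warning sign.
    out["reply_to_mismatch"] = out["reply_to_domain"] not in ("", out["from_domain"])
    out["odd_chars"] = odd_chars(msg.get("From", ""))
    out["suspicious"] = (out["reply_to_mismatch"] or bool(out["odd_chars"])
                         or out["spf"] != "pass" or out["dkim"] != "pass")
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The Reply-To comparison is an exact domain match, so a legitimate sender that replies from a sibling domain will also be flagged for a manual look.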
