Beware! Phishing Expeditions

One classic scam to watch out for is the email phish. This is where you get an email that states they are someone or a company they are not. They will make it appear as close to the real sender as possible. The domain will be close yet off by a letter. Maybe they’ll use the same fonts and images from the entity they are impersonating.

The Con:

You get an email from a name of a person or company you recognize. They tell you due to some reason or another you must login to the site. A link is provided that takes you there. However it’s not whom you believe it to be and you end up giving your login to some random thief that accesses your information and steals it, disaster.

The Solution:

Always verify the domain address from the email sender. Make sure they matchup exactly. Smart scammers will make it look like the email is from a company or person you recognize to the point where it’s almost identical. If you get an alarming email from a service provider you have use Google to go to their site/phone number don’t follow a link sent by email. Of course this sounds like common sense but there are so many scams out there, some sophisticated that are can catch people off guard.

Case:

Our domain was recently the subject of one of these attempted phishing attempts. Normally they’re so bad no attention is given. This one was actually clever. They represented themselves as Ledger. Stating wallets were compromised and to follow the link and re-verify login details. The domain had two letters switched, instead of Ledger.com (Legit) the domain was Legder.com (scam)

Pretty close. It was alarming to see an email seemingly from the real provider saying the account was comprised. However look closely at the email sender, Legder instead of Ledger. Pretty close. If one were to click the link on the email and provide login details the cryptcoins would certainly have been stolen by would be crooks. Hardware wallets are not susceptible to a server side attack and don’t work this way.

Closing Statement

The phishing attack is an old con yet still widely prevalent. It comes in different formats, phone calls, emails, maybe even in person. Always verify an account compromised claim by checking the phone number or domain by going there yourself instead of blindly following an inbound request.