Bleeping Computer reported scammers mailed fake Ledger hardware crypto wallets to Ledger users. The scammers used several pages from the social engineering playbook. The devices arrived in neat, shrink-wrapped packaging along with a letter. The phony letter cited an actual data leak in 2020. The letter said the user’s data was leaked and the device needed to be replaced. Ledger did suffer a data breach in June 2020 after an unauthorized person accessed their e-commerce and marketing database that spawned a lot of phishing scams. The devices were analyzed, and it appears that it’s a USB drive that drops malware. Once the user enters their recovery seed it could be game over. Sounds like the old USB drop attack with a twist. Bleeping Computer has story and pictures of device. Ledger added this one to their phishing alert page. Do you think this social engineering scam will be successful?
Watch Out: Fake Ledger Hardware Crypto Wallets Mailed - Scammers Try Out USB Social Engineering Trick