Topic: Ledger Nano hardware wallet Phishing email about KYC out there (Read 136 times)

Simple. Home alone with an empty house during the weekend. Since the family is away, I am just browsing the forum and working out. 

My point exactly. That's why I am replying and commenting on your post where you said you have never heard of an electronic device becoming useless unless updated in time, alluding to Ledger. Both the Nano S and the Trezor One are dinosaurs technology-wise, and they are very limited for today's standards.

So the thing you have never heard of it quite realistic, and not just with hardware wallets. Trezor One came out in 2014, Nano S in 2016. The Samsung S5 came out in 2014. It uses an outdated Android OS, which can be upgraded a bit, but still to an outdated Android version. Some apps nowadays require newer versions of the OS to run (maybe Android 6, 7, 8, etc.), and since the S5 doesn't support it, it has become quite limited and useless for today's standards. So there you have an example of a useless hardware device.

In fact, the Nano S and Trezor One are in a better position than the old smartphone models. Had you just updated the firmware in time, you wouldn't find yourself in a situation where you can't run the new one. It's the user's fault for not finding a bit of time to update the firmware from time to time. A phone allows you to update to a certain version and that's it. It doesn't go any further.       

Dude, how are you managing to write so much posts in one single day? Your 21 today posts are literally everywhere in forum

Apparently this outdate firmware issue can happen in Trezor,, but you should also consider that Trezor Model One is first and oldest hardware wallet in the world.
I am not defending them in any way for this, but there are probably some changes on hardware level that are not allowing firmware update.
This is one more reason I wouldn't buy Trezor One or Ledger S now, even if they are both very cheap.

Issues with using outdated firmware that can no longer be updated can happen. And problems with the hardware devices not working properly can happen as well.
For example, Trezor One Won't Take Firmware Updates.

That's a case of someone using a Trezor One, and the person can (for whatever reason) not update their firmware version any more. Because of the outdated firmware on the Trezor, the OP is stuck and can't send ETH from his hardware wallet according to a reply by someone saying they are a Trezor Community Specialist.

This is how ledger operates, and I never heard that any electronic devices can get broken if you don't update firmware in time.
Imagine you purchase a smartphone or laptop and if you don't update on time you can't use it anymore. 
I think Ledger is slowly preparing their customers to permanently stop updating Ledger model S.

It says in their documentation that versions 1.1 and 1.2 can no longer be updated with Ledger Live. I don't know if the company has other means by which they can make the upgrade. But anyways, I wouldn't send them a used Ledger, especially one where the seed and private keys are still stored on it.

Firmware version 1.2 came out in 2016. Ver. 1.1 is obviously even older. It honestly makes no sense to still use such an old version considering there have been bug and vulnerability fixes, but also performance improvements. 

You can be the one to upgrade the firmware before you give it away. Maybe 1.1 and 1.2 will always be the only firmware upgrades that can no longer be upgraded, or maybe that threshold will move in the future to 1.3.1, 1.4.1. etc. Hard to say. 

wait, does this mean that Ledger wallets with firmware 1.3 or older become useless junk?
Shouldn't they be obliged to make available all the changes and updates so far?

I wanted to give away a ledger with some coins on it, but that person will not use it very actively, it would certainly not be regularly updated. is it still better not to do it with the ledger, but to look for another option?

As Lucius said, that's no longer the case. Additionally, don't skip too many firmware upgrades, otherwise you might find yourself in a situation where you can no longer update the software at all. For example, versions below 1.3 for the Nano S can no longer be upgraded, and you probably have to replace the device with one that comes installed with the newest firmware.

https://support.ledger.com/hc/en-us/articles/360002731113-Update-Ledger-Nano-S-firmware?docs=true

I seriously doubt that. That would have made headlines already. It's probably some tart using Yahoo or Gmail.   

What you are suggesting is that someone has compromised the official Ledger e-mail and is using it for phishing/spam? It's not about that, but surely about some poor scammer who got hold of the database and is trying to get hold of personal data, which he will then use to register on various online services and resell those accounts on the black market.

---

I received them a couple of times, but they were in the spam folder, which I check at least once a month in case some of the legitimate e-mails are redirected there. I think that the sender of these messages wants to confuse the recipient in such a way that if the message is not clear to him, he clicks on the attachment - although this is only my assumption.

It can easily be spotted, for sure. KYC doesn't mean Know Your Client; it's Know Your Customer. That's what I know, and if I read that kind of email, that's already a red flag and immediately going to be blocked to make sure there's no spam again from that email.

Has anybody received weird emails with numbers and just an attachment? I believe that's from the data leak as well, where they got my contact.

Does this e-mail comes from their official e-mail account, like what happened to the DHL phishing e-mail that just happened recently, or is this just another random user pretending to be a Ledger support as usual? Most scam e-mails are filtered if you use a decent e-mail provider nowadays, at least that's what happen to my account. At the very least, I'm seeing fewer crypto phishing e-mails nowadays. CMIIW.

Unless the update brings security updates or something major, I personally wait for reviews to see if there is any stability issue. I mostly use my hardware with Electrum anyway so there is no need to update quickly. Things might be a bit different if you use an official app that always requires the latest firmware. This is probably one of the ways scammers can mask their message, saying that there is a new major firmware update available that fixes a major security flaw for your HW.

In that case, you didn't do it for quite a long time, because in that regard, things improved to the point where it became a very quick and painless process. I say this as someone who, like many, had a very bad experience with it in the past.

As for scam e-mails, I stopped paying attention to them a long time ago, and I marked even legal e-mails from Ledger as spam, so I got rid of that hassle.

Well, I have several hardware wallets ...some bought a few years ago and some more recently, so it is difficult to say. In any way, I do not fall for crap like this, but I wanted to warn other people.. that might be a bit more gullible. 

The firmware upgrade thing is a tender subject, because it is a nightmare ... or rather it was a nightmare to upgrade the firmware for the Ledger Nano ..the last time I did it.   

Thanks for letting us now, however, this is the usual for those who have been victim of a email data leak.
For example, I have gotten those in the past even though I don't even own a ledger, also from alleged Metamask costumer service prompting me to update my KYC information, all of it in the spam tray. 

I would like to assume most of people who post here in the hardware wallet section would never fall for these cheap attempts of thievery, those who would are on Twitter and Facebook, who do not even know how seed phrases work and decided to buy a cold wallet without doing their own research about them.

Cheers.

If they are professionals, they will ask you to update the firmware, and then, after a few days, your wallet will be empty, but it seems that their intelligence is less than trying to write something like this, so the easy solution is to enter your seed.

@OP Is this a random email or did you recently buy Ledger Nano hardware?

Seems like one of the worst attempts I have seen so far since the Ledger data leak fiasco. Have the low-life degenerates really written the date as February, Monday 20 2023?
It's interesting that they are only looking for KYC data. Unless the address you are redirected to wants you to enter your seed as well.

Just want to post that there are a new phishing attempt out there for all Ledger Nano hardware owners :

Dear customer,

Our system has shown that your ledger has not been KYC updated.
(Know Your Client)


This update of Ledger Live can be done easily via your personal QR-code below.

Wallets that are not up to date in ledger live will be locked out of the use of
Ledger live due to outdated software on:
February, Monday 20 2023


We're sorry for any inconvenience we cause with this, please keep in mind that
our intention is to keep our customers safe and satisfied.


Thank you for understanding.

Scan the QR-code with the camera of your smartphone

<< QR code omitted for the people who would be tempted to click on it for some reason>>