Help protect others by sharing any scam experiences you’ve faced.
We have identified a sophisticated phishing campaign targeting Ledger wallet users that requires immediate attention. This attack demonstrates concerning characteristics that warrant comprehensive reporting and awareness measures. # Incident Details - Target Platform: Email Communications - Primary Vector: Spoofed Official Ledger Support Messages - Impact Scope: Global Cryptocurrency User Base # Attack Characteristics 1. Social Engineering Tactics: - Utilizes urgency-based psychological manipulation - Employs sophisticated brand impersonation techniques - Creates false sense of authenticity through professional formatting - Attempts to bypass security protocols through emotional triggers 2. Technical Indicators: - Spoofs official Ledger customer success communication channels - Delivered via compromised or temporary email infrastructure - Contains suspicious links requiring immediate verification - Demonstrates advanced understanding of cryptocurrency security protocols # Impact Assessment - Potential Exposure: High - Severity Level: Critical - Risk Factors: - Advanced social engineering techniques - Highly convincing presentation - Multiple attack vectors - Sophisticated psychological manipulation # Recommended Actions 1. Immediate Mitigation: - Enhanced monitoring of cryptocurrency-related communications - Implementation of additional verification protocols - User education campaigns regarding authentication methods - Review of security protocols for cryptocurrency services 2. Long-term Prevention: - Development of advanced threat detection systems - Implementation of multi-factor authentication enhancements - Creation of comprehensive user awareness programs - Strengthening of community reporting mechanisms # Verification Protocols To verify authenticity of Ledger communications: - Always check sender domain (@ledger.com) - Verify official contact channels - Confirm request legitimacy through separate channels - Never respond to urgent financial requests via email # Reporting Instructions If encountered: 1. Do not engage with suspicious emails 2. Document all relevant details 3. Submit report to official channels 4. Maintain security protocol documentation # Additional Context This attack demonstrates evolving sophistication in cryptocurrency-related phishing campaigns. The combination of social engineering tactics and professional presentation makes it particularly dangerous for unsuspecting users. Immediate action and heightened vigilance are recommended to protect the cryptocurrency community. Please maintain highest alert status regarding this threat until further notice. Updates will be provided as additional information becomes available. Thank you for your attention to this critical security matter. Best regards,
SMS
Telegram 보안 인증을 빙자한 피싱 문자입니다. 사용자의 계정 해킹을 막는다고 속이며, 링크 클릭을 유도합니다. 해당 링크는 피싱 사이트로 추정되므로 주의가 필요합니다.
OTHER
Hello, ChainBounty Community, I recently encountered a classic scam while selling Bitcoin on eBay. I want to share this experience to warn others and help prevent similar fraud. 📌 Incident Overview 1. I encouraged my parents to invest in Bitcoin, and they started selling it on eBay. 2. A buyer made a payment via PayPal, and after confirming the transaction, we sent 1 BTC. 3. About a week later, the buyer claimed they "never received the Bitcoin" and opened a dispute on eBay. 4. This appears to be a classic chargeback scam, where the buyer receives the Bitcoin and then falsely claims non-receipt to get a refund. ⚠️ How to Avoid Similar Scams - Avoid selling Bitcoin on eBay or through PayPal. (Bitcoin transactions are irreversible, but PayPal does not protect digital assets.) - Keep detailed transaction records and store the blockchain transaction ID (TxID). - If a dispute arises, use blockchain transaction proof to defend your case. - Report scams to eBay, PayPal, and relevant authorities immediately. These scams are becoming more frequent, and it’s crucial to stay vigilant. If you have experienced a similar issue or have advice on handling such disputes, please share your insights. Thank you.
SNS
Recently, there has been a surge in cryptocurrency theft cases disguised as airdrops in the crypto community. This article aims to explain these risks and provide prevention guidance. Airdrop scams are criminal schemes that promise free tokens or coins to trick users into connecting their wallets, ultimately leading to theft of their cryptocurrency holdings. These scams particularly target new cryptocurrency investors, luring them with promises of free tokens to gain wallet access. # Main types of scams include: Fake profile marketing airdrops: Creating fake accounts impersonating legitimate projects or influencers Phishing website attacks: Creating fake claim websites mimicking legitimate airdrop sites Unauthorized token/NFT drops: Sending unsolicited tokens or NFTs to users' wallets and directing them to fake claim websites !!Warning!! Red flags to watch out for: - Promises of unrealistically high returns or token amounts - Requests for wallet connections or private keys - Unclear or inadequate project documentation - Urgent time limits or FOMO creation - Typos or unusual URLs # Safe participation guidelines: - Verify information only through official channels - Check project team members' real identities and backgrounds - Review community reputation and activity history - Never share private keys or seed phrases - Visit official websites through new browser windows - Double-check URL accuracy repeatedly - Be cautious of unnecessary permission requests # Emergency response protocol if wallet compromise is suspected: 1. Immediately transfer all digital assets to a secure wallet 2. Revoke all connected API keys and permissions 3. Create a new wallet and backup !! Warning !! Legitimate airdrops prioritize protecting users' assets. Don't fall prey to promises of free tokens at the cost of exposing your personal information. Continuous education and vigilance are essential for safe cryptocurrency investing.
A new scam method using PayPal has been identified. Unlike typical phishing emails, this scam takes advantage of legitimate PayPal invoices, making it more deceptive and harder to detect. #Scam Overview 1) Receiving an Invoice Email That Appears to Be from PayPal - The email is actually sent from PayPal’s real domain (@paypal.com). - It contains an invoice from ‘Coinbase Inc.’ requesting a payment of $516.99 USD. - A note from the “seller” includes a message instructing the recipient to call a specific phone number to cancel the transaction. 2) The Invoice is Real and Visible on PayPal’s Website - Clicking the "View and Pay Invoice" button redirects the user to the actual PayPal website, where the invoice appears. - This means scammers are sending invoices directly to PayPal users without their consent. 3)Fake Customer Support Number for Further Phishing Attempts - The phone number in the email is similar to, but different from, PayPal’s official support number. - Calling the number results in an automated message before the call disconnects. - This suggests a potential setup for identity theft or further fraudulent attempts. #Precautionary Measures & How to Respond - Always verify suspicious invoices by logging into PayPal directly instead of clicking links in emails. - Never call the number provided in the email—check PayPal’s official website for the correct customer support contact. - Report any fraudulent invoices to PayPal immediately. - Enhance your PayPal security settings to prevent unauthorized invoices. This scam is more sophisticated than typical phishing attempts, as it uses legitimate PayPal emails and website features to create a false sense of authenticity. Users who receive similar invoices should report them immediately and take steps to strengthen their account security to prevent further attacks.
Recently, I received a Bitcoin scam email that attempted to extort money by using my email address and an old leaked password. The scam email falsely claims that my device has been hacked and demands a Bitcoin ransom. 📌 Key Points of the Scam Email 1) Spoofed Sender Address: The email appears to come from my own email address, but this is a spoofing technique used to fake the sender information. 2) Leaked Password: The email includes an old password that was likely compromised in a past data breach. However, my actual email account has not been hacked. 3) Threats & Blackmail: Claims that spyware was installed on my devices and recorded my private activities (such as watching adult content). Threatens to leak these recordings to my friends, family, and colleagues. Demands a Bitcoin payment to prevent the release of this so-called evidence. 4) Bitcoin Payment Demand: The scammer requests $1450 in Bitcoin to be sent to a specific wallet address. 5) Additional Threats: Claims that if I contact the police or delete the email, the supposed videos will be automatically released. Warns against trying to delete or destroy evidence. 🛑 How to Respond ✅ Change Your Password: If the leaked password is still in use, update it immediately. ✅ Enable Two-Factor Authentication (2FA): Strengthen your email security by enabling 2FA. ✅ Ignore & Delete: This is a common scam, and you should never send any money. ✅ Report the Email: Mark it as spam and report it to your email provider (Gmail, Outlook, etc.) or relevant authorities (such as the FTC or cybercrime units). ✅ Check for Data Breaches: Use Have I Been Pwned to check if your email was part of a past data breach and secure your accounts accordingly. 🚨 Final Thoughts This is a classic "sextortion" Bitcoin scam that relies on psychological pressure and fear tactics. While the threats may seem alarming, they are completely false—there is no actual spyware or recorded content. The scammer is simply using old leaked credentials to trick you into paying. Stay vigilant, follow online security best practices, and never fall for these scams! 🚀
I’d like to report a concerning phishing campaign that is actively targeting Coinbase users. Below are the details: 1) Issue Overview: Some users, including myself, are receiving phishing emails disguised as official Coinbase communications. These emails request users to log in through a fraudulent link. 2) Key Concern: Google’s email verification system is incorrectly marking these scam emails as legitimate. As a result, these emails bypass spam filters, significantly increasing their credibility and making them highly dangerous for unsuspecting users. 3) Steps Taken So Far: I’ve contacted Coinbase regarding this issue, and they confirmed that the email address used is not theirs. However, the fact that these phishing attempts are verified as legitimate by Google raises a critical security concern for all affected users. 4) Potential Risk: Users who fall for these scams are at severe risk of losing their funds and personal data. 5) Recommendation: Spread awareness about this phishing campaign. Advise users to double-check email links before logging in and ensure they only use official channels. 6) Request to Coinbase: Please investigate and address this issue as a priority. It’s vital to enhance the detection and prevention of such fraudulent emails.
Recently, I came across a phishing email scam impersonating PayPal. Below are the main details and characteristics of the email: 1. Sender Information Sender Name: Horrigan OT Instituto Sender Email Address: (Include the suspicious sender email address if available) 2. Email Subject Subscription Invoices_HN37190 3. Key Content The email pretends to be an invoice from PayPal, claiming that the recipient has already paid $380.82. It includes the statement: "Charge is already deducted. Please do not pay again." to reassure the recipient. The invoice lists a purchase for cryptocurrency (0.07973772 Coins) and related Chainblock receiving charges. 4. Suspicious Elements Fake Sender Information: The sender’s email address does not belong to PayPal’s official domain. Unrecognized Transaction: The recipient has no knowledge of this purchase, and it does not appear in their official PayPal account. Fraudulent Support Number: The number (877) 567-4770 provided does not match PayPal’s official customer support. Urgency Tactics: The email urges the recipient to check the attached file immediately, creating unnecessary urgency. 5. Potential Threats The attached file could contain malware or direct users to a phishing website. If recipients contact the provided number or open the file, they risk further financial information theft or monetary loss. 6. Recommended Actions Do not open the email or download any attached files. Verify the transaction by contacting PayPal’s official customer support directly. Report the email, including the full email header information, to PayPal and security organizations.