Intro: More impersonation messages are using "order update," "refund confirmation," or "support callback" framing. Attackers use real order details to boost credibility, luring users into phishing pages or wallet-sensitive disclosures. Here are the main risk signals and verification principles.
Common patterns: Citing name and order number to build trust, then asking for a verification code or recovery phrase on a webpage — or switching to a chat app and sending files/links.
Risk signals: Sender-domain mismatches or typos; urgent tone or countdown; requests to disable security software, enable remote assistance, or follow a link to a non-official domain.
Verification principles: Reconcile orders and after-sales only on the official site or in Ledger Live; never enter recovery phrase or private keys via email buttons or chat links; when in doubt, query manually on the official channel first.
Response guidance (principle-level): Stop entering anything on a suspicious page immediately; keep screenshots and report via official support; if you've already clicked, verify accounts on a trusted device and rotate any exposed credentials.
Safety reminder: We will never ask for your recovery phrase, PIN, verification codes, or private keys. Anyone requesting them is attempting fraud — do not share and do not proceed.
