Intro: Imposter official sites and fake support pages are closer to the real thing visually, luring users into entering the recovery phrase or installing extensions. Here are the risk signals and verification principles for quick recognition.
Imposter traits: Domain differs from the official by only one or two characters, or uses short links to hide the real destination; pages clone the official colour scheme but buttons link to external forms.
Social engineering: Fake support quotes your order number and name in chat to build trust, then asks for wallet screenshots or remote assistance — usually with "urgent" or "disable immediately" pressure tactics.
Technical tells: Certificate info doesn't match the domain; page resources load from a mix of domains; download links point to non-official storage or demand you disable security software.
Verification principles: Reach the site by manual URL entry or bookmark; check for updates and support only inside Ledger Live or the official site; decline any request for recovery phrase, private keys, or verification codes.
Safety reminder: We will never ask for your recovery phrase, PIN, verification codes, or private keys. Anyone requesting them is attempting fraud — do not share and do not proceed.
