Coinbase Users Targeted in Advanced Scams
Scammers target Coinbase users with phishing attacks, even using Coinbase's domain name in fraudulent messages.
Users of Coinbase, a crypto exchange, have recently been using Twitter to report scams and phishing attacks related to the company's services. Some users say that scammers are even using Coinbase's own website name.
A recent case happened on July 7. A Twitter user named Daniel Mason said he got texts and emails from scammers using the website Coinbase(.)com. The scammer used a real phone number and then sent an email from a Coinbase(.)com domain. They then sent a phishing text message with a link to a Coinbase website and asked for Mason's address, social security number, and driver's license number.
According to Mason, the scammer spoke English well. Telling Mason that he would get an email from Coinbase about a breach in his account. Immediately, an email from help@coinbase(.)com came in.
There have been many reports on social media of security problems involving Coinbase. Coinbase's support page has many complaints from users about different types of scams.
One person, who wanted to stay anonymous, said they called Coinbase's support line to check if an email was real. A Coinbase employee said it was real, but it turned out to be from a hacker. This person said, "A Coinbase employee confirmed a hacker was a Coinbase employee, who then stole my crypto." They said they lost about $50,000.
These reports are similar to an attack on Twitter user Jacob Canfield. He got a text and calls from a scammer on June 13 about an alleged change in his two-factor authentication (2FA).
The email help@coinbase(.)com is listed on Coinbase's support page as a trustworthy and official email. Coinbase's blog also says its staff will never ask users for their passwords or two-step verification codes and won't ask for remote access to devices.
Coinbase further stated that it has "a lot of security resources dedicated to teaching customers how to avoid phishing attacks and scams." They also work with international law enforcement to make sure scammers are prosecuted.
Security experts recommend using strong, unique passwords for crypto accounts and turning on 2FA on apps.