Coinbase’s users have been turning to Twitter to report scams and phishing attacks involving the company’s services and applications in the recent weeks, including claims that scammers are using the crypto exchange’s domain name.
The most recent case was disclosed on July 7 by a Twitter user identified as Daniel Mason, who allegedly received texts and emails from scammers with links under the domain Coinbase.com.
The fraudster contacted Mason using a real phone number, then triggered an email from a Coinbase.com domain, followed by a phishing text message directing him to a Coinbase subdomain URL, before verifying Mason’s address, social security number, and driver’s license number.
I founded an identity / security company.
I’m currently building an auth company.
But my Coinbase account *almost* got phished.This is the (2nd) most legit fraud attack I’ve ever experienced personally. Wild story below.
— Daniel Mason (SF next week ) (@dgmason) July 7, 2023
As Mason notes, the scammer was well-spoken and a native English speaker. The fraudster reportedly said during a phone call that Mason would receive an email from Coinbase regarding an alleged breach of his account. Immediately, an email arrived from [email protected]. “Did he create a case on my behalf? Or access Coinbase mail servers?,” Mason commented on Twitter.
Mason’s experience is one of many on the social media platform reporting security incidents involving the crypto exchange. A brief look at Coinbase’s support page shows users complaining about several types of scams, including phishing on Coinbase Wallet and criminals using the company’s web address.
EdaFace spoke with a victim of a similar approach. The individual, who asked to remain anonymous, claims to have called Coinbase’s support line to verify the authenticity of an email about their account being compromised. The employee then confirmed it was real communication, but the email was the work of a hacker.
“An employee of Coinbase authenticated a hacker as a Coinbase employee, who then stole my crypto. They then strung me along before taking no accountability, even though I had a witness, time and date of call, and the employee I spoke to,” said the individual. The case is now under litigation. Among funds frozen and stolen, the victim claims to have lost roughly $50,000 in assets.
The reports follow the same pattern as the attack on Twitter user Jacob Canfield. Canfield reportedly received a text message and phone calls from a fraudster on June 13, citing an alleged change in his two-factor authentication (2FA).
Holy shit.
I just got attacked with one of the most complex scams in #crypto that I have seen to date.
Please read if you use @coinbase.
This just happened 15 minutes ago.
THIS IS A WARNING FOR ALL COINBASE USERS!
There has been some sort of a data breach.
First, I… pic.twitter.com/aOVWLpAtY4
— Jacob Canfield (@JacobCanfield) June 13, 2023
”They then sent me to the ‘security’ team to verify my account to avoid a 48 hour suspension. They had my name, my email and my location and sent a ‘verification code’ email from [email protected] to my personal email,” Canfield explained, adding that the criminal “got angry and hung up the phone” when told the code would not be sent.
The email [email protected] is listed on the exchange’s support page as a reliable and official address. The company’s blog also states that its staff will never ask users for passwords, two-step verification codes, or request remote access to devices.
Security specialists recommend strong, unique passwords for crypto accounts and enabling two-factor authentication on applications.
EdaFace reached out to Coinbase, but did not receive an immediate response.
Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story
