/cdn.vox-cdn.com/uploads/chorus_asset/file/24016885/STK093_Google_04.jpg)
/cdn.vox-cdn.com/uploads/chorus_asset/file/24808816/Starfield__The_Settled_Systems___Supra_Et_Ultra_____Starfield__The_Settled_Systems___Supra_Et_Ultra_2023_7_25_94252.263_1440p_streamshot.png)
UPDATE (July 7th 9:33PM UTC): This article has been updated to include Coinbase’s response.
Coinbase users have been turning to Twitter in recent weeks to report scams and phishing attacks involving the company’s services and applications, including claims that scammers are using the crypto exchange’s domain name.
was the most recent exposure on July 7 by a Twitter user named Daniel Mason, who allegedly received texts and emails from scammers with links under the coinbase.com domain.
The fraudster contacted Mason using a real phone number, then triggered an email from a coinbase.com domain, followed by a phishing text message, before verifying Mason’s address, social security number and driver’s license number. Directed him to the coinbase subdomain URL.
I founded an identity/security company.
I am currently building an authentic company.
But my Coinbase account *almost* got phished.This (second) is the most legitimate fraud attack I have personally experienced. Wild story below.
— Daniel Mason (SF Next Week) (@dgmason) 7 July 2023
As Mason noted, the scammer was well spoken and a native English speaker. The fraudster allegedly said during a phone call that Mason would receive an email from Coinbase regarding the alleged breach of his account. Immediately, an email arrived from help@coinbase.com. “Did he make a case on my behalf? Or access the Coinbase mail server?” Mason commented on Twitter.
Mason’s experience is one of many reporting security incidents involving crypto exchanges on the social media platform. A quick look at Coinbase’s support page reveals that users are complaining about a variety of scams, including phishing on Coinbase wallets and criminals using the company’s web address.
Cointelegraph spoke to a victim with a similar point of view. The person, who asked to remain anonymous, claims he called Coinbase’s support line to verify the authenticity of an email about a user’s account being compromised. The employee then confirmed that it was genuine communication, but the email was the work of a hacker.
“A Coinbase employee identified a hacker as a Coinbase employee, who then stole my crypto. They then attacked me before taking no accountability, even though I had witnesses, the time and date of the call and the employee I spoke with.” Claims that his property is approximately $50,000 The damage is done.
Reports follow the same pattern attack on Twitter user Jacob Canfield. Canfield reportedly received a text message and phone call from a fraudster on June 13, citing an alleged change to her two-factor authentication (2FA).
holy crap.
I just got hit with one of the most complicated scams #crypto What I have seen till date.
Please read if you use @coinbase,
This just happened 15 minutes ago.
This is a warning to all Coinbase users!
There has been a data breach of some sort.
First I… pic.twitter.com/aOVWLpAtY4
— Jacob Canfield (@JacobCanfield) 13 June 2023
“They then forwarded me to the ‘security’ team to verify my account to avoid a 48-hour suspension. They had my name, my email and my location and sent a ‘verification code’ email from help@coinbase.com to my personal email,” Canfield explained, adding that the perpetrator “got furious and hung up” upon being told the code. will not be sent.
Email is help@coinbase.com enlisted on the support page of the exchange as a reliable and official address. The company’s blog also states that its employees will never ask for passwords or two-step verification codes from users and will not request remote access to devices.
In a statement to Cointelegraph, Coinbase said it has “extensive security resources dedicated to educating customers about preventing phishing attacks and scams. We work with international law enforcement to ensure that Anyone caught defrauding Coinbase customers should be prosecuted to the fullest extent of the law.
Security experts recommend strong, unique passwords for crypto accounts and enabling 2FA on applications.
Magazine: $3.4B Bitcoin in a Popcorn Tin – The Story of the Silk Road Hacker
