Flagging off an ongoing surge in online scams, users of the prestigious crypto exchange, Coinbase, have found themselves at the receiving end of aggressive phishing attacks. Lamentably, the cyber criminals are dexterously using the crypto exchange’s domain name, thereby bamboozling many into believing the authenticity of their felonious attempts.
The swindle unfolds as unsuspecting users report receiving phone calls and emails under the sobriety of ‘Coinbase.com’. A case in point is Twitter user, Daniel Mason, who allegedly found himself our maneuvered by a scammer contacting him via a legitimate phone number, followed by a phishing email sprouting from the bona fide Coinbase domain.
The plot thickens in these elaborate subterfuge campaigns; Daniel was contacted regarding a supposed compromise of his account, urgently needing a reset. His ordeal was then underpinned by an email originating from the official Coinbase address, drawing attention to the purported data breach. Notable is the unerring ability of the scammer to confirm the content and the timestamp of the email. Before he recovered from this sudden assault, Daniel was swamped by another follow-up email about his ‘case’. Quite unsettlingly, the scammer seemed to have access to his personal data, like Social Security Number, driver’s license number and address.
Alarmingly, Daniel’s narrative is not an isolated incident. Another user, Jacob Canfield, shared his brush with fraudulence when he was contacted thrice by ‘Coinbase support’ with a so-called notification of a change request to his email and two-step verification settings; a request he had never made.
On the flip side, Coinbase, in keeping with its commitment to security and user protection, has been vehement in iterating that the exchange’s staff will never seek access to users’ passwords or two-factor verification codes. They’ve also gone to lengths to educate their customers about phishing scams.
While these efforts are commendable, it’s disconcerting that these sophisticated scams are still haunting users. In fact, last year, a user reportedly lost a staggering 13.85 BTC to such a phishing attack. Undeniably, being targeted with listed email addresses on Coinbase significantly escalates susceptibility and leaves one vulnerable to such scams.
Given the circumstances, Coinbase’s noteworthy stand is the dedication of extensive resources to pre-empt and counter scamming attempts. However, the elephant in the room remains – the unaddressed use of the Coinbase domain name and listed email addresses in these exploits raises hard-to-ignore questions on the sanctity and robustness of current measures.
Source: Cryptonews
