Thousands of Coinbase Users Affected by Phishing Attack – Here’s How to Protect Yourself

Coinbase shared details of a massive phishing attack that took place in April and May of this year. The popular cryptocurrency exchange said there had been “a significant increase in Coinbase-branded phishing messages targeting users from a range of commonly used email service providers.”

Phishing is where criminals pose as legitimate organizations through fake email, text, or phone messages. They then trick customers into revealing sensitive information, such as passwords or account details.

According to Reuters, more than 6,000 Coinbase customers have lost money to scammers. But these types of scams don’t just happen in cryptocurrencies. More broadly, a report by security experts Tessian shows that 75% of organizations around the world experienced some kind of phishing attack in 2020 – and 96% of them came via email.

How Coinbase Phishers Stole Money

The crooks used several types of emails to impersonate Coinbase customer service or security reps. These included an email claiming the user’s account had been locked out, and another with a fake URL that captured the user’s login information when clicked. One message contained an app that then allowed criminals to access people’s email accounts.

Once attackers stole Coinbase login details or accessed people’s email accounts, they could then steal their funds. Coinbase said it has taken steps to prevent future such attacks and pointed out that fraudsters have not breached the platform’s broader security measures.

How to protect yourself against phishing

The best way to protect yourself against phishing and other types of fraud is to be careful with any emails or text messages you receive, especially if you aren’t expecting them.

Here are some techniques to secure your accounts:

• Do not click on links in emails, even if they appear to be from a trusted source. Instead, bookmark URLs to sensitive sites, whether it’s your bank or your crypto exchange. This way you will always know that you are going to a real site and not a fake one designed to steal your data.
• Look carefully at the content of your messages. Beware of typos or obvious mistakes in the logo, and beware of email addresses that don’t look quite correct. A crypto platform will not contact you from a Gmail address.
• Do not open attachments. If you receive an email attachment from an unknown source, opening it could infect your computer with malware.
• Use two-factor authentication (2FA). This extra layer of security adds an extra step of verification, such as a code you receive by text or email. Many sites also use applications that generate authentication codes.
• Use strong passwords. Whether it’s for email accounts, online banking, or cryptocurrency apps, the number of passwords we have to juggle can seem overwhelming. But try to resist the temptation to use the same password for multiple accounts, or to use easy-to-remember passwords like your date of birth or your child’s name. You can install a password manager on your computer or create your own system that helps you generate and remember them all.
• Make sure your antivirus software is up to date. Criminals are constantly coming up with new ways to attack your computer and steal your information. That’s why it’s a good idea to regularly update your antivirus software and scan your computer.

If you accidentally click on a link or fall victim to a phishing scam, be sure to change all of your passwords and report the fraud to the organization involved and to the Federal Trade Commission. Depending on the type of information stolen, you may also want to freeze your credit with the three major credit bureaus to prevent crooks from opening fraudulent accounts in your name.

Unfortunately, as our world becomes more and more digital, phishing and other forms of online fraud will increase. But the more careful you are, the less likely you are to fall victim to it.