Cybersecurity experts have warned of an elaborate scam targeting customers of cryptocurrency exchange Coinbase.
Researchers from security firm PIXM recently discovered an email campaign whereby attackers masquerade as Coinbase to trick people into handing over their account credentials.
In the email, the user is warned that their account needs attention due to an “urgent matter”. Sometimes they need to confirm a transaction, and sometimes they need to provide additional information to prevent their account from being locked.
Bypassing two-factor authentication
Regardless of the contents of the email, they always carry a heavy dose of urgency, and obviously, provide the user with a link where they can log into the platform and sort out the mess. However, the link leads to a fake webpage that looks almost identical to the real Coinbase site.
But here’s where it gets really advanced. Most users have two-factor authentication enabled, so the crooks devised a way to work around it. When a user types in their passwords, they get relayed to the actual Coinbase site, and then the crooks ask for the 2FA code as well.
To make things even worse, the victim gets redirected to a site that says “account suspended” and offers them a chance to talk to “customer support”. Yet again, this is not the actual Coinbase customer support, but rather the continuation of the scam, where the attackers try to obtain as much personally identifiable information on the victim as possible.
The data they’re looking to obtain at this point, according to the researchers, includes phone numbers, postal addresses, emails, and estimated account balance.
- Get physical for enhanced protection with the best security key (opens in new tab) choices today