Coinbase Scams: How Do They Work and How Do You Protect Yourself?

Coinbase is one of the world’s largest cryptocurrency exchanges — it was the first to be added to the S&P 500 — and attackers are using its popularity to steal people’s money.

It’s fairly common for companies to send automated emails confirming changes made to your online account.

The problem? Scammers know this and will send these kinds of messages to pull off a cryptocurrency scam.

Coinbase is a legitimate company, but how do you tell the difference between a real email and these scams that can drain your digital wallet?

Let’s talk about how these scams work and what you can do to protect yourself.

What are Coinbase Scams?

1. You receive a fake alert.
2. It tells you a wallet was added to your account.
3. The email provides a fake phone number and case reference number.
4. You call the number, hoping to solve the issue.
5. The scammer poses as Coinbase support and gets your account information to steal your cryptocurrency.

Wallets are how users send and receive cryptocurrency, NFTs and other items. For this scam, the email claims that someone else’s wallet was been added to the user’s account, which, of course, means the user’s account was compromised.

The email lists a customer support phone number for the recipient to call and a case reference number to make the email appear legitimate.

Instead, that number goes to an attacker posing as a customer support specialist who will ask for your account details to steal any valuable items you have.

How Do You Protect Yourself from Coinbase Scams?

So, how do you avoid becoming a victim of these Coinbase scams?

1. Be suspicious of unexpected messages: No matter how a message arrives (email, text, private chat, etc.), always be skeptical of its intentions. If it’s asking you to do something you’ve never done before, there’s a good chance it’s fake. This scam is tricky because it’s quite common for online companies to send you emails if you’ve changed your password or added a new payment method. If you suspect someone changed your account, navigate to the site yourself and confirm those changes were made. Change your password immediately if your account was compromised.
2. Check who the message is from: An email from Coinbase should have an “[name]@coinbase.com” in the “From” field. Look for misspellings or close usernames like “@coinbase-support” or “@coinbase.help.”
3. Check for red flags in the email: While the blue font color in the example above makes it appear as if those are clickable links, clicking those numbers does nothing. There isn’t even a link to Coinbase’s website. You should be generally suspicious of links in emails anyway, but an email from a legitimate company with no links is almost more suspicious. Additionally, be wary of emails that ask you to act immediately. Attackers want you to act without thinking, hoping the urgency of the matter will cloud your judgment.

Stay Alert, Stay Secure

Even if your organization doesn’t use cryptocurrency, scams like this train attackers for bigger, more targeted phishing attempts. That’s why employee phishing training is essential.

Contact us to schedule a consultation. Our phishing training turns your employees into a first line of defense before that click costs you everything.

Stay updated! Get tips and insights delivered to your inbox weekly by subscribing to our newsletter.