In a harrowing event, a Coinbase user, wishing to stay unnamed, reported a sophisticated scam. The user received a text notifying them about a change in their two-factor authentication (2FA) settings on their Coinbase account. This initial message was soon followed by calls from individuals posing as Coinbase customer support. These fake representatives, armed with a San Francisco number, asked the user multiple questions ranging from their travel plans to requests for changing email and 2FA details.
Holy shit.
I just got attacked with one of the most complex scams in #crypto that I have seen to date.
Please read if you use @coinbase.
This just happened 15 minutes ago.
THIS IS A WARNING FOR ALL COINBASE USERS!
There has been some sort of a data breach.
First, I… pic.twitter.com/aOVWLpAtY4
— Jacob Canfield (@JacobCanfield) June 13, 2023
The Scammers’ Playbook
The scam took a sinister turn when the user got an assurance from the fake representatives about the cancellation of any unauthorized changes. The scammers cleverly texted a confirmation of this cancellation. They also redirected the user to their fake “security” team to circumvent an impending account suspension for 48 hours.
In a disturbing development, the scammers had access to the user’s personal details like name, email, and location. They sent an email from an address that appeared to belong to Coinbase, [email protected], included in it a “verification code” to further their fraud.
Also read: Former SEC Chairman Clayton Highlights Stablecoin Support Amid Crypto Regulatory Debate
The User’s Swift Response
Even though the user had growing suspicions, they declined additional help, swiftly changing their password and 2FA settings. This action seemingly alerted the scammers to their cover being blown. In a desperate move, they threatened to lock the user’s account for a week unless they shared the verification code they had provided. When the user didn’t give in, the scammers abruptly hung up.
Later, the user recognized that the “verification code” the scammers sent was actually their 2FA code. During the call, the scammers tried to access the user’s account using this code from their own email. This chilling evidence, including texts, calls, and emails, showcased the extremes scammers will traverse to exploit innocent crypto enthusiasts.
This incident emphasizes the need for increased caution and proactive defense mechanisms to protect digital assets. It’s important to note that not everyone may have the wherewithal to recognize such scams, which could lead to unauthorized access and potential loss of crypto funds.
This alarming story reinforces the need for robust security protocols, adherence to best practices, and a healthy dose of skepticism towards unsolicited communication. Users should tread carefully when receiving unexpected calls or emails linked to their crypto accounts and promptly report any dubious activity to the relevant platform.
***
