Coinbase has shared details of a broad phishing attack that took place in April and May of this year. The popular cryptocurrency exchange said there had been “a significant uptick in Coinbase-branded phishing messages targeting users of a range of commonly used email service providers.”
Phishing is a scam in which criminals impersonate legitimate organizations through fake email, text, or phone messages. They then trick customers into revealing sensitive information, such as passwords or account details.
According to Reuters, over 6,000 Coinbase customers lost money to the scammers. But these types of scams don’t only happen in cryptocurrency. More widely, a report from security experts Tessian shows that 75% of organizations around the world experienced some kind of phishing attack in 2020 — and 96% of those came by email.
How Coinbase phishers stole money
The scammers used several types of emails to pass themselves off as Coinbase customer service or security representatives. These included an email that pretended the user’s account had been locked, and another with a fake URL that captured user login information when clicked. One message contained an app that then gave the criminals access to people’s email accounts.
Once attackers had stolen Coinbase login details or accessed people’s email accounts, they could then go on to steal their funds. Coinbase says it has taken steps to avoid future attacks of this kind and stressed that the fraudsters did not breach the platform’s broader security measures.
How to protect yourself against phishing
The best way to protect yourself against phishing and other types of fraud is to be cautious about emails or text messages you receive, especially if you’re not expecting them.
Here are a few techniques to keep your accounts safer:
- Don’t click on links in emails, even if they seem to come from a reputable source. Instead, bookmark URLs to sensitive sites — whether it is your bank or your crypto exchange. That way you’ll always know you’re going to a real site and not a fake one designed to steal your data.
- Look carefully at the content of your messages. Watch out for obvious typos or errors in the logo, and be suspicious of email addresses that don’t seem quite right. A crypto platform will not contact you from a Gmail address.
- Don’t open attachments. If you receive an attachment from an unknown source, opening it could infect your computer with malware.
- Use two-factor authentication (2FA). This extra layer of security adds an additional verification step, such as a code you receive by SMS or email. Many sites also use apps that generate authentication codes.
- Use strong passwords. Whether it’s for email accounts, online banking, or cryptocurrency apps, the number of passwords we have to juggle can feel overwhelming. But try to resist the temptation to use the same password for multiple accounts — or to use easy-to-remember passwords like your date of birth or child’s name. You can install a password manager on your computer or create your own system that helps you generate and remember them all.
- Make sure your antivirus software is up to date. Criminals are constantly coming up with new ways to attack your computer and steal your information. That’s why it’s a good idea to regularly update your antivirus software and scan your computer.
If you do accidentally click a link or fall victim to a phishing scam, make sure you change all your passwords and report the fraud to both the organization involved and the Federal Trade Commission. Depending on the type of information that’s stolen, you may also want to freeze your credit with the three major credit bureaus to prevent scammers from opening fraudulent accounts in your name.
Unfortunately, as our world becomes more digital, phishing and other forms of online fraud will increase. But the more cautious you are, the less likely you are to fall victim to them.