Coinbase describes a targeted social engineering attack that led to the theft of some employee data. The attacker first sent smishing messages to several Coinbase employees, urging them to click a link and log in to their Coinbase work account. One employee fell for the attack, and the threat actor then attempted to use the victim’s account to gain access to Coinbase’s internal systems. Fortunately, the company’s security solutions prevented this.
Soon afterwards, however, the attacker called the same employee, claiming to work for the company’s IT department.
“About 20 minutes later our employee’s mobile phone rang,” Coinbase says. “The attacker claimed to be from Coinbase corporate Information Technology (IT) and they needed the employee’s help. Believing that they were speaking to a legitimate Coinbase IT staff member, the employee logged into their workstation and began following the attacker’s instructions. That began a back and forth between the attacker and an increasingly suspicious employee.”
While the attacker was able to glean some employee information from the attack, Coinbase’s security team detected suspicious behavior and alerted the targeted employee.
“As the conversation progressed, the requests got more and more suspicious,” the company says. “Fortunately no funds were taken and no customer information was accessed or viewed, but some limited contact information for our employees was taken, specifically employee names, e-mail addresses, and some phone numbers.”
Coinbase concludes that anyone can fall victim to a social engineering attack.
“Humans are social creatures,” the company says. “We want to get along. We want to be part of the team. If you think you can’t be fooled by a well executed social engineering campaign - you are kidding yourself. Under the right circumstances nearly anyone can be a victim. The most difficult attack of all to resist is a direct contact social engineering attack, like the one our employee suffered here. This is where the attacker directly contacts you via social media, your mobile phone, or even worse, walks up to your home or place of business. These attacks aren’t new. In fact, these kinds of attacks have certainly been happening since the early days of humanity. It’s a favorite tactic of adversaries everywhere - because it works.”
This attack illustrates the importance of a defense-in-depth strategy with a combination of technical defenses, security policies, and employee training. New-school security awareness training can teach your employees to follow security best practices so they can thwart social engineering attacks.
Coinbase has the story.