Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Coinbase Attack Used Social Engineering

    Coinbase Social Engineering CampaignCoinbase describes a targeted social engineering attack that led to the theft of some employee data. The attacker first sent smishing messages to several Coinbase employees, urging them to click a link and log in to their Coinbase work account. One employee fell for the attack, and the threat actor then attempted to use the victim’s account to gain access to Coinbase’s internal systems. Fortunately, the company’s security solutions prevented this.

    Soon afterwards, however, the attacker called the same employee, claiming to work for the company’s IT department.

    “About 20 minutes later our employee’s mobile phone rang,” Coinbase says. “The attacker claimed to be from Coinbase corporate Information Technology (IT) and they needed the employee’s help. Believing that they were speaking to a legitimate Coinbase IT staff member, the employee logged into their workstation and began following the attacker’s instructions. That began a back and forth between the attacker and an increasingly suspicious employee.”

    While the attacker was able to glean some employee information from the attack, Coinbase’s security team detected suspicious behavior and alerted the targeted employee.

    “As the conversation progressed, the requests got more and more suspicious,” the company says. “Fortunately no funds were taken and no customer information was accessed or viewed, but some limited contact information for our employees was taken, specifically employee names, e-mail addresses, and some phone numbers.”

    Coinbase concludes that anyone can fall victim to a social engineering attack.

    “Humans are social creatures,” the company says. “We want to get along. We want to be part of the team. If you think you can’t be fooled by a well executed social engineering campaign - you are kidding yourself. Under the right circumstances nearly anyone can be a victim. The most difficult attack of all to resist is a direct contact social engineering attack, like the one our employee suffered here. This is where the attacker directly contacts you via social media, your mobile phone, or even worse, walks up to your home or place of business. These attacks aren’t new. In fact, these kinds of attacks have certainly been happening since the early days of humanity. It’s a favorite tactic of adversaries everywhere - because it works.”

    This attack illustrates the importance of a defense-in-depth strategy with a combination of technical defenses, security policies, and employee training. New-school security awareness training can teach your employees to follow security best practices so they can thwart social engineering attacks.

    Coinbase has the story.

     

    Return To KnowBe4 Security Blog

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    PST ResultsHere's how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry

    Go Phishing Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/phishing-security-test-offer

    Topics: Social Engineering

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews