A phishing campaign is impersonating cryptocurrency trading platform Coinbase, Tech.co reports. Crypto trader Jacob Canfield described the campaign in a Twitter thread, stating that the threat actors texted and then called him.
“First, I received a text message saying that my @coinbase 2FA was changed,” Canfield said. “I then received three calls from a @coinbase ‘customer support’ that was from a San Francisco number asking if I was traveling outside of the US and if I requested an email change and a 2FA change. (NOTE: I tried to record this, but couldn't find my wife's phone before they hung up) I said no to traveling and they said that they cancelled the 2FA and email change request and sent a text to verify it was cancelled. They then sent me to the 'security' team to verify my account to avoid a 48 hour suspension. They had my name, my email and my location and sent a 'verification code' email from help@coinbase.com to my personal email.”
The threat actor then threatened to lock Canfield’s account if he didn’t provide the verification code.
“I told them that I didn't need their assistance and I changed the password already and he told me that it wouldn't work to verify the account and that they would be locking it down for 7 days due to a lack of verification unless I provided the code,” Canfield said. “He then got angry and hung up the phone on me after I told him that I wouldn't provide the code.”
Fortunately, Canfield recognized the scam, but noted that he knows of several people who have fallen for it.
“After the first text, I immediately logged into my #coinbase and changed the password and 2FA and caught on that it was a scam almost immediately, but I doubt that 98-99% of people that get this would realize it and would have unlocked their #coinbase accounts,” Canfield said.
New-school security awareness training can enable your employees to thwart phishing and other social engineering attacks.