Coinbase users have taken to Twitter to report an increasing number of scams and phishing attacks involving the company’s services and applications.
These reports include claims that scammers are exploiting Coinbase’s domain name.
The most recent incident was disclosed by a Twitter user named Daniel Mason on July 7. Mason received texts and emails from fraudsters who used links under the domain Coinbase.com.
READ MORE: Abnormally Large Outflows Spark Fears of Exploit
The scammer contacted Mason using a legitimate phone number and subsequently triggered an email from a Coinbase.com domain.
This was followed by a phishing text message directing Mason to a Coinbase subdomain URL.
The fraudster then proceeded to obtain Mason’s personal information, including his address, social security number, and driver’s license number.
Mason highlighted that the scammer was articulate and spoke English fluently. During a phone conversation, the fraudster informed Mason that he would receive an email from Coinbase regarding a supposed breach of his account.
Almost immediately, an email arrived from help@coinbase.com. Mason questioned whether the scammer had created a case on his behalf or gained access to Coinbase’s mail servers.
Numerous individuals on social media have reported similar security incidents involving Coinbase.
Users have complained about various types of scams, including phishing attempts on Coinbase Wallet and criminals exploiting the company’s web address.
Cointelegraph interviewed an anonymous victim who experienced a similar approach.
This individual called Coinbase’s support line to verify the authenticity of an email claiming their account had been compromised.
A Coinbase employee confirmed the communication was genuine, but it turned out that the email was the work of a hacker.
The victim alleges that the hacker, masquerading as a Coinbase employee, stole their cryptocurrency.
Despite having evidence such as a witness, the date and time of the call, and the name of the employee they spoke to, the victim claims Coinbase took no accountability.
The case is currently in litigation, and the victim estimates a loss of approximately $50,000.
These reports mirror the attack on Twitter user Jacob Canfield. On June 13, Canfield received a text message and phone calls from a scammer who claimed there had been a change in his two-factor authentication.
The fraudster redirected Canfield to the “security” team, attempting to verify his account to avoid a 48-hour suspension.
The scammer possessed Canfield’s name, email, and location, and sent a “verification code” email from help@coinbase.com to his personal email.
The criminal became agitated and hung up when Canfield refused to provide the code.
The email address help@coinbase.com is listed as an official and reliable address on Coinbase’s support page.
The company’s blog emphasizes that its staff will never ask users for passwords or two-step verification codes, nor will they request remote access to devices.
Coinbase stated in a response to Cointelegraph that it has dedicated extensive security resources to educate customers about preventing phishing attacks and scams.
The company collaborates with international law enforcement to ensure that anyone defrauding Coinbase customers faces legal consequences
To enhance security, experts recommend using strong and unique passwords for cryptocurrency accounts and enabling two-factor authentication on applications.
