Phishing attacks and how to not fall victim

As the price action in crypto markets has intensified over the past three months, so has the interest of online attackers who employ ever-evolving tactics to steal funds. Whether you store your crypto in a Coinbase Vault or on a hardware wallet, we recommend that everyone take the time to understand common online threats and how to protect themselves. In this article, we’ll discuss one of the most persistent attacks we see against our customers — phishing.

Phishing is an extremely common type of online attack, and with good reason — once an attacker tricks a user into providing their login information, they can fully impersonate that individual. The Coinbase User Trust team investigates multiple reports of phishing every day and is constantly working to neutralize these attacks as quickly as possible. However, some hosting providers respond slowly (or not at all) to abuse reports regarding the misuse of their platforms. That’s why it’s important to be able to recognize signs that you’re being phished, even if you don’t see a warning from your browser.

Recent Phishing Trends

To help you recognize the signs that you’re on the verge of getting phished, we’ve provided you with some examples of the most common phishing techniques and trends being used to target Coinbase customers. If you see any phishing messages or sites like these in the wild, please report them to security@coinbase.com immediately.

New Device Confirmation Phishing

When you attempt to log into your Coinbase account from a device and location we don’t recognize, we will send you a device verification email that contains a unique, hard-to-guess authorization link. If you don’t click that link, the login attempt will fail. As a result, some phishing sites may ask you to copy and paste the device verification link in an attempt to bypass this security measure. The real Coinbase login page will never ask you to copy and paste that link.

Email Password Phishing

Here an attacker is attempting to trick potential victims into sharing the password to their email account so that the attacker can access the email and complete new device confirmation. Coinbase will never ask you to enter the password to your email address.

Phishing via Text Message

Do not let a phishing message like this play with your emotions. Always check your deposits by going directly to www.coinbase.com, or by using the Coinbase app.

Phishing via Email

Note the sense of urgency to entice people to click on the link. Hovering your mouse pointer over the link in this email will reveal this link is actually directing to the phishing domain: https://coenbase[.]com instead of https://coinbase.com. Again, please go directly to www.coinbase.com if you are ever unsure about an email you have received.

Coinbase Login Page Clone

In this example, pay special attention to the URL bar at the top of the browser: coinbase.pro-mrq[.]com is not a legitimate Coinbase domain and it does not have HTTPS (the green lock) enabled. The legitimate Coinbase domain secures all connections over HTTPS, and will always end in “coinbase.com”

Internationalized Domain Names

This phishing domain uses an Internationalized Domain Name (IDN) which closely resembles www.coinbase.com. However, looking closer will reveal that the domain is actually www.coįnbase[.]com (note the character accent below the “i”).

Also, even though the site has HTTPS (the green lock) enabled, the green lock does not mean you are on a legitimate website, only that you’re securely communicating with *some* website. This is a common point of confusion with browsing the web.

Protecting Your Account

Currently, the only known way to reliably avoid being phished is to use security keys (also referred to as U2F) with your online accounts. Not only can you use a security key to lock down your Coinbase account, but you can also use it with any other online services that integrate with them such as Gmail, Facebook, Dropbox, Instagram, Twitter, YouTube, and more. If you want to know more about security keys, you can learn more in our blog post here.

This website may contain links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of Coinbase, Inc., and its affiliates (“Coinbase”), and Coinbase is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. Coinbase is not responsible for webcasting or any other form of transmission received from any Third-Party Site. Coinbase is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by Coinbase of the site or any association with its operators.

Unless otherwise noted, all images provided herein are by Coinbase.