Consumer Protection Tuesday: How to Spot and Stop Customer Support Scams

This post is part of a weekly Tuesday series at Coinbase about the latest consumer protection and security measures for crypto owners.

At Coinbase, we’re on a mission to help update the financial system to make it safer and more secure. While only 0.14% of blockchain transactions are used for illicit activity, and cash remains the preferred medium for illegal transactions, crypto security is always a top priority. Coinbase maintains a robust compliance program, which includes Know Your Customer (KYC) checks, sanctions screenings, suspicious activity reporting, and strong law enforcement partnerships to detect and prevent illicit activity on our platform.

When “Support” Isn’t Really Support

Phone-based social engineering scams are on the rise. In these attacks, scammers impersonate legitimate Coinbase representatives, often claiming to be from the security or support team, and try to convince you that your account is at risk.

They sound professional. They use industry terms. Sometimes they even spoof caller ID to look like they’re calling from a Coinbase number.

But make no mistake—this is a scam.

The Anatomy of a Coinbase Impersonation Scam

Here’s how a typical scam might play out:

1. The Call: You get a call from someone claiming to be a Coinbase security agent. They sound concerned and may even reference recent market events or security trends to gain your trust.

Red flag: Coinbase will never call you out of the blue.

2. The Urgent Warning: The caller says your account has been compromised or flagged for suspicious activity. They may mention unauthorized transactions or say your funds are at risk of being stolen.

Red flag: The scammer is trying to create panic and urgency.

3. The Trap: They may ask you to verify your identity by giving them a one-time passcode, providing login credentials, or installing a screen-sharing app so they can “help you secure your account.”

Red flag: Coinbase will never ask for your password, verification codes, or remote access to your device.

4. The Fund Transfer: The scammer might instruct you to move your crypto to a “secure wallet” or “vault” they’ve created for you—usually via a QR code or a wallet address they send you.

Red flag: No Coinbase representative will ever ask you to send crypto anywhere to “protect” your funds.

How to Stay Safe from Phone-Based Social Engineering

Here are key practices that can protect you and others:

• Don’t share sensitive information: Never give out your Coinbase login, password, or verification codes—no matter how convincing the caller sounds.

• Avoid third-party links or apps: If a caller asks you to download software or click on a link, don’t. Hang up immediately.

• Use Coinbase’s official support channels: Only contact support via the Coinbase website. Never trust unsolicited calls.

• Enable extra security: Turn on multi-factor authentication and security alerts in your account settings.

• Talk to someone you trust: If something feels off, pause and reach out to a friend, family member, or Coinbase support directly before acting.

Phone scams targeting Coinbase users are designed to exploit urgency and fear. By knowing the tactics scammers use—and remembering that Coinbase will never proactively reach out to you over the phone—you can protect yourself and others.

Stay alert, stay calm, and when in doubt, hang up.