What is a phishing attack?
Most common phishing methods
Avoid sharing sensitive information, like usernames, passwords, and credit card numbers with people you don’t know.
Be patient and extra vigilant when examining urgest requests from unknown or unsolicited senders.
Look at URLs and make sure there are no common typos in the web address. Attackers will often use domain names that are nearly identical to the one they are impersonating. I.e. coinbase.com vs. colnbase.com
Avoid clicking links in emails before checking, especially if the email is unsolicited or is “urgent.” Hover over the link first and if the alt text doesn’t match the display text, don’t click on it.
Misspelled words and bad grammar are signs that something is wrong. Be thorough and pay attention to these small, but important, details.
Any promise of extravagant rewards or monetary compensation should be treated with the utmost suspicion. Avoid clicking or downloading anything from messages that claim to offer you unrealistic rewards.
If you feel like something is wrong, gather more information before acting:
Call or message the person you think is being impersonated
Go to the company’s website to further investigate
Don’t be afraid to reach out to customer support to verify if a particular message you received is legitimate
Learn how to keep your account secure from Trust and Safety experts at Coinbase. Compromising the sim card inside your phone is a popular strategy for attackers to get a hold of your crypto. Get info on best practices when it comes to sim swapping scams and learn how to avoid them.
Search engine phishing exploits the trust we have in search engines and the convenience of searching for something rather than remembering the domain. The following piece outlines what search engine phishing attacks may look like and how Coinbase users can avoid them.