Coinbase Con
- Angela Darling
- Oct 17
Hello. My name is Dr. CyberEye. I break down complicated cybersecurity stuff and explain it in a simple way to the average user.
Baddies are out there. Learn how to protect yourself.

I have been getting these random Coinbase text messages recently that are quite crafty.
Instead of the telltale embedded-link-in-a-text-message trope, this phishing scam
appeals to you with: "If you did not request this, please contact customer service
immediately." The text itself is a supposed MFA (Multi-Factor Authentication) code.
However... there is a lot to unpack here. And if you've read any of my previous blogs, you
know I'm about to break it down (like MC Hammer in the 90s).

First telltale sign of a scam? I do not have a Coinbase account. Straight out of the gate, I know this is a con. However, we'll unpack this a little bit deeper.
The +212 country code that this text message originates from belongs to Morocco. And then the number listed for their "Customer Support" points back to a Tennessee phone number.
Guess where Coinbase is headquartered?
Delaware.
I have to give them kudos for this; instead of creating or generating a fake URL for you to click on, they appeal to your paranoia and state cryptically, "If you have not requested this code, contact Customer Support immediately!"
I have to agree with them. Contact Coinbase Support immediately. You know... by the phone number listed on their website.
This is an obvious con but one worth pulling out of my text message inbox. Threat actors are trying to get crafty and use FEAR to cause you to engage.
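The tells above (a number to call instead of a link, a sender and a callback number from different countries, and urgency wording) can be checked mechanically. This is an added sketch, not part of the original post; the sample messages, phone numbers and the small calling-code table are constructed, and treating a 10-digit number without "+" as US/Canada is an assumption.

```python
import re

# Small constructed subset of country calling codes, enough for this example.
CALLING_CODES = {"1": "US/Canada", "44": "United Kingdom", "212": "Morocco"}

PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")   # loose match, filtered by digit count
URL = re.compile(r"https?://|www\.", re.I)
URGENCY = re.compile(r"\b(?:immediately|urgent|right away|asap)\b", re.I)


def digits(text):
    return re.sub(r"\D", "", text)


def calling_code(number):
    """Best-effort country calling code for a sender or callback number."""
    d = digits(number)
    if number.strip().startswith("+"):
        return next((d[:n] for n in (3, 2, 1) if d[:n] in CALLING_CODES), None)
    # Assumption: a 10-digit number written without "+" is US/Canada (NANP).
    if len(d) == 10 or (len(d) == 11 and d.startswith("1")):
        return "1"
    return None  # short codes and unknown formats


def triage_sms(sender, body):
    """Return the callback-phishing signals present in one text message."""
    signals = []
    callbacks = [m for m in PHONE.findall(body) if 10 <= len(digits(m)) <= 15]
    if callbacks and not URL.search(body):
        signals.append("phone number to call, no link")
    src = calling_code(sender)
    for number in callbacks:
        dst = calling_code(number)
        if src and dst and src != dst:
            signals.append(f"sender is +{src}, callback is +{dst}")
    if URGENCY.search(body):
        signals.append("urgency wording")
    return signals


# Constructed sample modelled on the message described in the post.
SCAM = ("+212600000000",
        "Your Coinbase verification code is 4821937. If you did not request "
        "this, please contact customer service immediately at (615) 555-0142.")
# Constructed benign one-time code from a short code, for comparison.
BENIGN = ("22395", "Your verification code is 493021. Do not share it.")

if __name__ == "__main__":
    for sender, body in (SCAM, BENIGN):
        print(sender, triage_sms(sender, body))
```

None of these signals proves a scam on its own; together they are a reason to ignore the number in the message and look up the real one yourself.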
Let's jump a little deeper into some of the psychology that these attacks count on. EVERY SINGLE logically and critically thinking human being knows when something seems too good to be true or has some inkling of when they are potentially getting scammed. It is an archaic, embedded feeling. However, these threat actors want the sense of urgency in their tactics to override all of these logical conclusions. They want you to act IN THE MOMENT. Without thinking it through. That is how they succeed.
Take, for instance, an incredible training that I went through at DEFCON a few years ago. The training was given by Jayson Street, an awesome former black hat hacker who now works on the right side of the law. During the adversarial training, he taught us that threat actors who impersonate someone (like a CEO, for example) try to appeal to that urgency and break up the potential thread of communication between their target and the person they are impersonating. For example, a CEO texts an assistant that they need 5 Amazon gift cards of $100 apiece immediately and that he's about to board a 10-hour flight so he cannot answer any further questions.
It seems like a silly example, but it works.
As always, stay safe out there!
Dr. C