3 min read

Malicious Actors Target Crypto Wallets of Coinbase Users in New Phishing Campaign

Alina BÎZGĂ

March 09, 2021

Malicious Actors Target Crypto Wallets of Coinbase Users in New Phishing Campaign

Cybercriminals are targeting Coinbase platform users with phishing campaings in an attempt to steal their account credentials and drain their cryptocurrency wallets, Bitdefender Antispam Lab has learned.

According to our latest telemetry, the phishing campaign was noticed since mid-February, targeting over 25,000 users. Sixty-nine percent of the fraudulent correspondence originated from India, 13.73 percent from Brazil, 10 percent from the US and 2.33 percent from Japan.

When analyzing the final destination of the phishing emails, we noticed the following:

  •  54.72 percent reached users from South Korea
  •  12.53 percent reached users from Sweden
  • 7 percent reached users from Ireland
  • 6.78 percent reached users from Japan
  • 5.12 percent reached users from the United States
  • 2.81 percent reached users from Great Britain
  • 2.16 percent reached users from Canada

The crooks are attempting to dupe recipients into accessing a fake login URL to enter their username and password. In both versions of the scam, the threat actors send out fake notifications that warn recipients of unusual activity in their account, requiring immediate verification from users who wish to regain access to the platform.

“We recently detected an unusual activity on your coinbase account,” one of the fraudulent messages reads. “Unfortunately we had to suspend your coinbase in order to ensure the safety of your account. “This suspension is temporary,” the message continues. “We will need some additional information to verify your identity, Please visit the verification form to complete your identity verification and regain access to your coinbase account.”

Sample 1: initial Coinbase phishing email

Sample 2. ongoing Coinbase phishing email

Sample 3. fake Coinbase login page

Throughout 2020 and beyond, fraudsters have sought financial gain by sending legitimate-looking emails that tempt victims to enter their account username and password or provide personally identifiable information.

The trend toward impersonating cryptocurrency trading platforms to steal user information is likely to continue throughout the year. Although this ongoing phishing exercise does not include a malicious payload that could expose recipients to additional threats or file-encrypting ransomware, threat actors may continue to fine-tune their tactics.

What should victims do?

If you”ve already received such a fraudulent email, make sure to delete it. If you”ve submitted your account login information, head to the official website and change the password immediately and enable the two-factor authentication feature to add an additional security layer.

The Coinbase platform also gives you ways to recover or temporarily disable your account in case of compromise. As always, immediately change the passwords for all online accounts that share the same email and password combination (although reusing credentials for multiple accounts is something that”s not usually recommended) to avoid further compromise and account takeover.

Be wary of unsolicited correspondence and double-check page URLs before signing in. The use of industry jargon, official logos, and even similar email addresses does not guarantee an email is legitimate. Take your time to assess the message and the reason behind it. Don”t be tempted to immediately respond or access a link, even if you”re advised to do so under the threat of consequences such as account closures. Go to the official website directly from your browser, log in and look for any associated account notifications

Note: This article is based on technical information provided courtesy of Bitdefender Antispam Lab.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

How to keep your Android device immune to malicious vaccine themed apps How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read