Posted

6 Ways hackers carry out phishing to access your crypto account (Coinbase as a case study)

There are various fraudulent ways hackers have been phishing the personal information of crypto wallet users on various crypto exchanges and other crypto service platforms. Coinbase recently suffered a hack which affected up to 6000 users. It is believed by Coinbase that this hack was a phishing attack on unsuspecting victims. Using Coinbase as a case study, we identify 6 ways hackers carry out phishing to gain access to your account: 

  1. Phishing through new device confirmation

When login in from a device and location unrecognized by Coinbase, Coinbase will send you a device verification email. This email contains a unique authorization link which you must click in order to link your device with your Coinbase account. Now in a bid to bypass Coinbase’s authorization system, the hacker typically design a phishing site that deceives the unsuspecting victim into  believing that he or she is on a Coinbase site. The user copies and pastes the device verification link in the phishing site, whereas Coinbase would never ask for this. And there, you have lost control of your account!

Coinbase

2. Phishing through email password

This phishing email gives you a reason to disclose or enter the password associated with your Coinbase account. Once disclosed or entered by the unsuspecting victim, the hacker is able to access your email. It is not in Coinbase’s confirmation practice to require you to disclose or enter the password to your email address. If you fall for the trick, the hacker can complete the new-device confirmation without further  contacting you.

Coinbase

3. Phishing through text message

Hackers may attempt to gain access to your Coinbase account by sending you a text message that looks like one from Coinbase.  If the text message claims that you have received a deposit and provides a link to check, avoid clicking such link. Instead, login to your Coinbase account directly through the Coinbase website or app. In the crypto space particularly, your seemingly lucky day can quickly become your nightmare.

Coinbase
Just as a bait is thrown in the river to catch unsuspecting fishes, so are phishing messages or links thrown at your cyber world to make a victim of you. The central idea of phishing is to defraud you by taking advantage of the trust you may have in the affected platform in order to obtain from you the personal or sensitive information needed to access your account. This is why you must secure yourself by not involving in any activity that put your cybersecurity at risk in anyway. Imbibe a safe and secure cyber life.

4. Phishing through email

Email phishing is very common. So always check and recheck the links provided in emails you supposedly receive from Coinbase. By simply hovering your mouse pointer over the link, you will be able to discover where the link is really directing to. If from a hacker, this link would certainly direct you to the domain name the hacker uses as a bait for his or her unsuspecting victim. Here, you may discover the link to be something like this https://coenbase[.]com instead of https://coinbase.com. Whenever you are in doubt, login to your Coinbase account directly through the Coinbase website or app. As for the phishing email, ignore, delete, or move it to spam.

Coinbase

5.  Phishing through login page clone

Whenever you visit a (supposedly) Coinbase site, always pay attention to the URL bar at the top of the browser. The legitimate URL is https://coinbase.com. The HTTPS (green-lock sign) must be shown to be enabled. This means that all connections and information shared on the site are secured. But beware that having a green-lock sign does not guarantee that you are on a legitimate website. It simply means that you are on a site where your communication is secured. Absolutely; you could as well be securely communicating with a hacker! This is why the importance of paying special attention to the domain name cannot be overemphasized.

Coinbase

6. Phishing through closely identical but illegitimate domain names

You may already be aware that hackers also use confusingly similar or almost identical domain name with a legitimate site in order to hack your account: www.coin-base[.]com for example instead of the legitimate www.coinbase.com. But do you also know that hackers now also use character accent to deceive you into thinking that you are on a legitimate site? For example, you end up on a phishing site like this www.coįnbase[.]com (notice the character accent below the “i”?)

Coinbase

Rounding off

As crypto adoption grows, so are bad actors adopting various phishing methods to bait and catch unsuspecting victims. Setting up a 2-factor or multi-factor authentication for your crypto wallet is one of the ways you can secure your crypto wallet from hackers. To remain safe, you must always be alert—round the clock.

One Comment

Leave a Reply

Your email address will not be published.