be aware of a currently ongoing phishing campaign targeting coinbase.com users

I just received a very believable phishing attack targeting coinbase.com, and I wanted to make the community aware of the attack.

The attack starts by an automated phone system calling you, and informing you that someone from germany attempted to change the phone number associated with your coinbase account. It prompts you to press “1” on your phone if it was an action you did not perform.

After doing so, you will receive a follow up call a handful of minutes later. The person on the phone sounded like a native English speaker, and had enough familiarity with cryptocurrency and the related jargon that they came off as knowledgeable.

During the phone call, they sent an email to verify their identity. The email comes from a Russian server, fakes the sender email to appear as [email protected], and utilizes a domain which contains utf-8 characters to appear as if it is the legitimate coinbase domain if you inspect the email headers (help@coìnbase.com) (notice the weird ‘i’ in the domain).

I did not proceed with the phishing attempt after this point, as getting the domain is enough to temporarily halt the attack. I have already reached out to coinbase, as well as the domain registrar they used for the domain… but if you receive a call similar to what I described, do not engage with the automated system. I assume by pressing “1”, you are placed in a queue for the scammer to reach out to you.

thanks, for reading this far, and stay safe out there!