Protect your account from one of the most commonly used cyber attacks
By Coinbase Security team
- The Sending Number. One of the first things to check is the phone number from where the message was sent. By doing a quick Google search, you will find that this phone number is likely associated with a scam — your first red flag.
- The Message. Grammar mistakes are often a red flag indicating the message is likely a scam. If there are no grammar issues, check the intent of the message. Phishing messages will often attempt to tap into your emotions by either creating fear or excitement. If you receive a message that is emotionally triggering, either good or bad, it may be a phishing message and should be a red flag.
- The Link. Lastly, always be sure to examine the link. Plain and simple, if the link does not contain the domain Coinbase.com, it is phishing.
What to do if you receive an SMS phishing message
Now that you’ve got the tools to detect SMS phishing messages, the question remains — what should you do if you receive an SMS phishing message?
Luckily, the right response to protect yourself is easy: Do not click the link!
You can also copy the message and send it to 7726 (SPAM). 7726 is a short-code service established by US-based cell phone carriers like AT&T, Verizon, Sprint, or T-Mobile. By sending a copy of the SMS phish to 7726, you can help mobile carriers detect and block malicious messages on their network.
Lastly, take a screenshot of the message and send it to security@coinbase.com. You’ll be enabling our Security team to investigate the phishing link and submit abuse reports to organizations that can help have the phishing site taken down.
As cryptocurrency grows in popularity, cybercriminals will continue to innovate and attempt to discover new ways to gain access to your investments. Coinbase Security continues to keep our customers abreast of new threats as they arise. However, it is also imperative that you take the security of your account into your own hands. If you’d like to learn more about account security best practices, review our guide on how to keep your crypto secure.
Additional examples of SMS phishing
- The phone number is largely unknown according to Google
- The message has a grammar issue and is trying to invoke a fear response of unauthorized account access
- The link is not Coinbase.com. The domain in this link is what’s known as an Internationalized Domain Name (IDN). Take note of the special character accent on the “b”. Attackers will often use IDNs in phishing attacks since the letters can so closely resemble the word Coinbase.
- The phone number is abnormally long and suspicious
- The message has many grammar issues and is trying to invoke excitement by indicating receipt of 21 BTC
- The link is not Coinbase.com
- The phone number is largely unknown according to Google
- The message is trying to invoke excitement by indicating receipt of 0.59 BTC
- The link is not Coinbase.com (notice the link actually goes to the domain ssl-coinbase[.]com)
What you need to know about SMS phishing attacks was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.
Go to Source
Author: Coinbase
