Coinbase Tops the List of Most Impersonated Brands in Web3 Scams, How to Prevent That?

Coinbase cryptocurrency exchange has become the primary target for scammers and malicious actors in the Web3 space, as revealed by a recent survey.

The survey highlights that among all crypto firms in the United States, Coinbase is the most impersonated brand in phishing attacks. The attacks are deceptive online schemes aiming to trick investors into sending digital assets to fraudsters' crypto wallets. In fact, over the past four years, there have been 416 reported phishing attacks involving the fraudulent use of the Coinbase brand, according to a Mailsuite report shared with Cointelegraph. The report analyzed over 1.14 million scams and found that more than 249,000 incidents involved attackers impersonating companies or organizations.

Phishing Scams Targeting Coinbase Users

Phishing scams targeting Coinbase users typically involve attackers pretending to be legitimate representatives of the company. These scams aim to acquire victims' account information, allowing fraudsters to access accounts and transfer funds to their own wallets. Common methods include:

Smishing Attacks: Cybercriminals send messages to Coinbase users, claiming fake withdrawals or security concerns. These messages often ask for personal information or login credentials. Smishing can lead to SIM swap attacks, where the attacker gains control of the victim's phone number, enabling unauthorized transactions.
Technical Support and Impersonation Scams: Scammers posing as Coinbase support contact users, claiming issues with their accounts and requesting login credentials or verification codes. Once obtained, these credentials allow attackers to access accounts and transfer funds.
Verification Scams: Attackers send emails requesting users to verify their login credentials or provide verification codes. If users comply, the scammers gain access to their accounts and lock them out.
Giveaway Scams: Fraudsters promise compensation or free crypto via fake Coinbase emails, asking for login information or redirecting users to external websites. Once users enter their credentials, attackers access their accounts to make unauthorized transactions.
Urgent Account Action Scams: Scammers exploit users' fear of losing their crypto by sending urgent emails about account issues, prompting users to provide login credentials or verification methods.

Recognizing Fake Coinbase Emails

Coinbase employs SPF, DKIM, and DMARC authorizations to cryptographically sign and protect its official emails. Users can identify fake emails by looking for the following signs:

Urgent Tone: Scammers often use urgent language to pressure users into acting quickly.
Grammatical Errors: Fake emails may contain numerous grammatical errors and contradictory information.
Requests for Login Information: Coinbase will never ask for account details, login information, or device information via email.
External Communication: Official Coinbase communication will not occur through instant messaging apps like Telegram or Viber, nor will it request SMS confirmations.
Requests to Send Funds: Coinbase will never ask users to send funds to another wallet.
External Links: Official emails will not contain links to websites outside the Coinbase domain.
Unverified Email Addresses: Legitimate emails will come from addresses ending in coinbase.com.
Requests for Remote Access: Coinbase will not request remote access to users' devices.

While Coinbase leads in the crypto space, traditional finance and technology brands also face significant impersonation. The Mailsuite report indicates Bank of America was impersonated in 645 phishing attempts, and Mastercard in 1,262. Meta, Facebook's parent company, topped the list with 10,457 reported scam incidents over the past four years, followed by the U.S. Internal Revenue Service with 9,762 scams.

The Growing Concern of Crypto Scams

Crypto scams and exploits remain a significant issue, with nearly $19 billion worth of crypto stolen in the past 13 years across 785 reported hacks and exploits, according to a Crystal Intelligence report. The largest theft was the 2019 Plus Token fraud, involving $2.9 billion worth of Bitcoin and Ether. Crypto hacks in 2024 may surpass those in 2023, with $542.7 million stolen in the first quarter of 2024 alone, a 42% increase from the same period in 2023.

It is worth noting that Coinbase is the world's second-largest centralized cryptocurrency exchange (CEX), with a daily trading volume exceeding $1.8 billion, according to CoinMarketCap. The exchange enjoys a high trust score of 10/10 and attracts over 40.9 million monthly visits, as per CoinGecko data.

In conclusion, Coinbase's prominence in the crypto industry makes it a prime target for phishing scams, but users of all exchanges and platforms must remain vigilant. Recognizing the signs of fraudulent emails and understanding common phishing tactics are crucial steps in protecting digital assets. Therefore, addressing and mitigating these security challenges will be essential for fostering trust and achieving broader adoption.

All users should always stay alert and informed, regardless of the platform they use, to safeguard their investments in the evolving crypto market.