I nearly fell for this 'man in the middle' spoof this morning if it weren't for my Firefox browser telling me to get the hell out after I clicked to submit my 2FA. I suspect had Firefox not warned me the attackers would have run a script within seconds to empty my Coinbase account to another BTC address.
This is the spoof
http://coindase.com/singin/http://coindase.com/singin/login.htmSomehow I must have typed a 'd' instead of 'b'. I use Authy 2FA and had input the token and clicked submit when Firefox alerted me. I immediately changed my coinbase email address and password. All is well and my coins are safe.
I sent Coinbase whitehat an email alerting them.