New phishing campaign uses Coinbase email

[cryptomaniac_xxx]

A new report surfaces that cyber threat actors are using Coinbase as an email to install a Office 365 consent app that will give control and access to a victims emails.

(1) the phishing campaign starts when you received a email supposedly coming from Coinbase with there new terms of services. Who wouldn't? Coinbase has been in the limelight lately with their supposedly 'apolitical' stand.



(2) if you click on the link, 'Read and Accept Terms of Service FAQ" you will be redirected to a new site, a legit Microsoft asking you to login

(3) if you login to your Microsoft account you will be prompted to "allow an app from coinbaseterms.app to access their account."

then it will allow access to your,

• Read your profile (User.read) - Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.
• Read your mail (Mail.Read) - Allows the app to read email in user mailboxes.
• Read and write access to your mail (Mail.ReadWrite) - Allows the app to create, read, update, and delete email in user mailboxes. Does not include permission to send mail.

The full and technical details is here: https://www.bleepingcomputer.com/news/microsoft/coinbase-phishing-hijacks-microsoft-365-accounts-via-oauth-app/

So this criminals are gong to exploit everything, this time a Coinbase email to get access to your own email, it will be damaging if you have some crypto related stuff in your inbox.

[1714672943]

1714672943

[1714672943]

1714672943

[Coyster]

So this criminals are gong to exploit everything, this time a Coinbase email to get access to your own email, it will be damaging if you have some crypto related stuff in your inbox.

Yeah, this phishing is pretty dangerous for users who keep information about their wallet stored in their mail box, or any of their private data/info, the scammers will use it to either compromise their wallets or to ask for a ransome if they get any useful personal data about the person, that's why as a rule of thumb, anything of your crypto stuff that can lead to your wallet imported elsewhere, should either be written down safely somewhere or if saved on a device, it should be offline.

It can't be repeated enough that users should not click on random links, and should always verify from the official website whenever they get a mail that requires then to click on a link attached to it to be sure it's a legitimate update or whatever. Clearing your mail box is also another good practice imo

[Yaunfitda]

^^, Yes and probably more than that,  there could also be some personal stuff hiding somewhere in our email,  . And you really have to commend it to this criminals, they know that Coinbase as of late has been in the crypto media because Brian Armstrong is very vocal of his company Sixty Coinbase employees take buyout offer after no politics at work rule.

[jossiel]

By checking the email domain of the sender, they are not from Coinbase. I wouldn't click any link that it attaches. A very concise explanation from OP why no one should click links attached from suspicious emails.

Or if somebody accidentally clicks a link, if it's asking for permission or any login, no need to waste your time just close it immediately.

[libert19]

You can just look at the senders email, it looks far from legit.

Edit: ss shows you responded, I'm curious to know what did you respond.

[erep]

One thing is certain that the number of victims of phishing scams is increasing due to inaccuracy in checking the sender address, the keyword "sender address" is to describe the sender's identity so that it can distinguish between official, and scammer e-mail addresses, ignore any incoming messages other than not the official sender address.

[bob123]

A new report surfaces that cyber threat actors are using Coinbase as an email [...]

No, they aren't.

Just look at your own screenshot. The email address is

Code:

contact@shocktech.co.jp

They aren't even trying spoof a coinbase mail address.

This is one of the easy-to-spot phishing mails.

[Simakura]

Is it possible that Coinbase's emails were fake?

[Mandarava]

I am a little surprised why Coinbase does not use an anti-phishing code, like Binance does. It's so simple. If you receive an email from Binance and see your own anti-phishing code in the first line of this letter, then you are 100 percent sure that this is an authentic email. Why not adopt this simple method? This would save everyone from phishing once and for all.

[Taskford]

One thing is certain that the number of victims of phishing scams is increasing due to inaccuracy in checking the sender address, the keyword "sender address" is to describe the sender's identity so that it can distinguish between official, and scammer e-mail addresses, ignore any incoming messages other than not the official sender address.

Unfortunately many users doesn't know about this and coinbase must do a right counteraction regarding on this I think they should create something as @Mandarava said like binance anti phising feature since it could really help the newbies to determine the phising attempts. Also best thing to put on simple short warnings on notifications on the app or site just to make people aware and will not forget the risk about those kinds of attempts.

[mich]

Yes I am all so familiar with these phishing emails from Coinbase. 

I dont even use the exchange but somehow I keep getting floods of emails with suspicious links in them.

If you want to be extra cautious just never open a email from Coinbase unless it is addressed to you personally. 

[bob123]

[...] and coinbase must do a right counteraction regarding on this I think they should create something as @Mandarava said like binance anti phising feature since it could really help the newbies to determine the phising attempts.

And then they receive a phishing mail from another service they are using (e.g. online banking, other exchange, etc..) and they fall for it.
Specific anti-phishing codes are helpful, but people need to learn to spot phishing mails. Even without anti-phishing codes.

Not everyone is using anti-phishing codes. And it most likely won't change anytime soon.


Checking the header and looking at the sending mail address and maybe even at the originating mail server can most often call out those phishing mails.
And if everything seems to be legit but you are still unsure, visit the website directly (not via the URL inside of the mail) and contact the customer service to check whether the mail is legit.

[tbct_mt2]

The email in OP is not has a word relates to Coinbase and I feel a deeply regret to anyone who is scammed with that email. It is the official Help page of Coinbase: https://help.coinbase.com/en/contact-us

The page does not list all email addresses from Coinbase for customer support but you can see the hyperlink do has its domain name: coinbase.com. Legit email addresses will do have it too.