A crypto phishing campaign is underway right now, mostly targeting Coinbase, Crypto.com, and KuCoin.
The mode of attack is the usual phishing email campaign: the cyber criminals impersonate Coinbase, for example by saying that your account has been suspended.
Once you click the link, you go to the fake website, and when you enter your credentials, the criminals steal them and use them at run time to log in to the real Coinbase. Of course, you won't suspect anything at the beginning, because the fake website will also ask for your 2FA code, and once you enter it, they will automatically enter it on the real Coinbase website and then steal your crypto.
But these scammers take it to the next level and ask for more info, as in a live chat support session.
For good measure, after successfully harvesting their target’s login information and 2-Factor pin, the attacker will now collect more information from them manually. The phishing pages will display a message that you are locked out of this account, and need to resolve it with Customer Support. Once that has displayed, a chat box appears in the bottom right corner, where the attacker will engage the target in a conversation to “recover” additional personal information related to your account, including phone number, address, email, estimated account balance, etc. This will help them should they have difficulty, or require additional validation, while they are accessing the target's account on their system. This also enabled the attacker to be live chatting with the victim to keep them engaged and distracted while draining their funds.
https://pixmsecurity.com/blog/phish/coinbase-attacks-bypass-2fa/

Again, the first rule of thumb is that we shouldn't click any link when we don't know where it came from. "Think before you click".
Common sense: use it. It is one of our best weapons against these impersonations.
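The "think before you click" check can be applied mechanically to the link itself, since the fake login page has to live on a host the exchange does not own. The sketch below is an added example, not part of the original post or the linked report; the domain list is an assumption covering the three exchanges named above, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains of the three exchanges named in the post.
OFFICIAL_DOMAINS = {"coinbase.com", "crypto.com", "kucoin.com"}


def classify_link(url):
    """Return (verdict, detail) for a link taken from an email."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ("reject", "malformed URL")
    if parts.scheme != "https":
        return ("reject", "not https")
    if not host:
        return ("reject", "no host in URL")
    # https://coinbase.com@other.example/ really points at other.example
    if parts.username is not None or parts.password is not None:
        return ("reject", "text before '@' is not the host")
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return ("reject", "internationalised host, possible look-alike")
    # Exact domain or a true subdomain; the leading dot stops "mycrypto.com".
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return ("official", domain)
    # Brand name used inside a host the exchange does not own.
    for domain in OFFICIAL_DOMAINS:
        brand = domain.split(".")[0]
        if brand in host:
            return ("suspicious", "'%s' appears in unrelated host %s" % (brand, host))
    return ("unknown", host)


if __name__ == "__main__":
    # Constructed sample links, not taken from the campaign.
    for sample in (
        "https://www.coinbase.com/signin",
        "https://coinbase.com@login.example/",
        "https://coinbase.com.account-verify.example/",
        "http://www.kucoin.com/",
    ):
        print(sample, "->", classify_link(sample))
```

An "official" verdict only says the host belongs to the listed domain; it does not vouch for the email the link arrived in.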