Is Your Coinbase Account Safe?
In November 2022, Coinbase users were left unnerved when the cryptocurrency trading platform inadvertently exposed them to phishing scams [*].
Coinbase had unlinked all customer bank accounts and requested a reconnection via Plaid. This announcement was made in an email and left users questioning whether or not it was a scam.
For fraudsters, this was an opportunity to impersonate Coinbase via fake emails and dupe users into sharing their login information. If successful, these scammers could gain control over users’ accounts and crypto wallets.
In the worst-case scenario, such phishers can steal personal information linked to your wallet, including your bank account details.
Examples of Phishing-Related Coinbase Scams
Phishing emails and text messages often peddle stories that lure recipients into clicking on malicious links. In fact, 2022 was a record year for phishing — recording nearly 4.7 million attacks [*].
Here are seven types of fraud to which you could fall victim if you disclose information in Coinbase scam emails:
1. SIM swap attacks
These phone-based attacks work when an impersonator tricks mobile carrier networks into transferring someone's phone number to another SIM — one that fraudsters control.
In March 2023, a California man filed a lawsuit against Coinbase after he lost 90% of his life savings in a SIM swap scam. Criminals pocketed $96,000 upon exploiting the SMS-based two-step verification on the man’s account [*].
2. Technical support and impersonation scams
In this type of fraud, con artists advertise scam customer support lines for Coinbase to lure victims into phone calls. When someone calls the number, fraudsters trick the victim into divulging personally identifiable information (PII), such as account passwords.
3. Giveaway scams
Some Coinbase scam emails promote scam sweepstakes that claim you can win if you complete a form on a separate website. The phishing site may even feature images of people promoting the phony giveaway.
4. Investment scams
Watch out for Coinbase email scams that promise high returns without risk — if something sounds too good to be true, it usually is. Investment scams survive on a constant flow of new, unknowing investors who fund the people at the helm of Ponzi or pyramid schemes.
5. Loader scams
If anyone tells you that they need higher limits for trading and asks for your wallet login details in exchange for shares, it’s a load-up scam [*].
These fraudsters use stolen credit card information to bloat your wallet with cryptocurrency before draining the account. When authorities track the credit card fraud back to your wallet, you’ll be held responsible for any payment delinquencies.
6. Dusting attacks
These attacks unfold with scammers airdropping small amounts of cryptocurrency to multiple wallets [*]. Should a recipient attempt to move or withdraw the “dust” funds, the attacker tracks the activity and tries to discover your identity — before targeting you with various phishing scams.
7. Employment scams
Fraudsters impersonate job recruiters, posting fake job ads that mislead people into sharing their information.
A common approach involves scammers contacting applicants (who have published their resumes online) and then extending enticing, well-paid roles. The catch: the person must first submit payment to begin training.
How Can You Tell If a Coinbase Email Is Real?
You can sidestep the scammers by knowing the difference between real and disingenuous emails. If you have any concerns about the legitimacy of emails claiming to be from Coinbase, here's what to know.
Coinbase documents all official domains and subdomains
Genuine emails from Coinbase always come from one of the official domain names (or subdomain names) that end in “coinbase.com.” These include — but are not limited to — the following examples:
They use SPF, DKIM, and DMARC authentication on all emails
These three authentication methods — Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) — help email vendors correctly identify the sender [*].
By cryptographically signing all of its emails using DKIM — and protecting its domain against unsigned emails with DMARC — Coinbase combats spam, phishing, and other email security risks.
They offer other verified contact channels
Aside from replying directly to an email from Coinbase, you can get in touch via other channels, such as social media. Visit the Coinbase Help Page to browse other verified Coinbase contact channels.
They automate the account recovery process
Should you get locked out of your Coinbase account, the steps to regain access are similar to those of the sign-up process.
Upon entering your account credentials, you’ll be redirected to a page with instructions on how to unlock your account. Here you must perform identity verification to initiate unlocking your account. After 48-72 hours, you'll get an email confirming that you can log in again.
What Coinbase does not do:
- Send emails from lookalike URLs. Scammers try to deceive users by creating similar email addresses. For example, they might swap the "i" in Coinbase for a lowercase "L" — which may evade email security filters and land in your inbox.
- Ask for a customer's account sign-in information. Nobody at Coinbase will ever ask you for sensitive login details such as passwords or two-step verification codes. If anyone asks for this, you’re in contact with a scammer.
- Request remote access to a customer's personal device. No bona fide Coinbase staff member will request remote access to your computer. Never give anyone remote access — this opens up unbridled access to your hard drive and financial accounts.
- Use urgency. A telltale sign of phishing emails is the use of urgent scare tactics. Fraudsters try to pressure victims into rushed replies before they have time to think clearly. If an email instructs you to unlock your account in one day to salvage your investment (or log in to Coinbase to claim a prize quickly), it’s best to take a pause.
- Ask a customer to send funds to an external wallet. No Coinbase support agents will ever ask you to make crypto transactions. If someone asks you to transfer cryptocurrency to external wallet addresses, it’s almost certainly a cryptocurrency scam.
- Ask you to install software on your device. If you’re in contact with customer support at Coinbase, the staff members will never ask you to download specific programs, browser plug-ins, or add-ons. Beware of any unsolicited emails insisting that you install unfamiliar software.
- Make contact through Telegram. Note that Coinbase is not currently active on Telegram. If you receive communication from anybody claiming to represent Coinbase via Telegram, they should not be trusted.
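The domain, SPF/DKIM/DMARC, and lookalike-address checks described above can be run against a message's raw headers. The following is an added example, not code from Coinbase or from this article; the receiving server name mx.example.net, the lookalike character map, and the three sample messages are constructed assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr

OFFICIAL = "coinbase.com"  # parent domain the article says genuine mail ends in
# Assumed, non-exhaustive fold of ASCII look-alike characters (l/1/| for i, 0 for o).
CONFUSABLES = str.maketrans({"l": "i", "1": "i", "|": "i", "0": "o"})

def sender_domain(msg):
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower().rstrip(".")

def is_official(domain):
    # Exact or dot-anchored suffix match; a substring test would accept
    # "coinbase.com.login.example" or "notcoinbase.com".
    return domain == OFFICIAL or domain.endswith("." + OFFICIAL)

def looks_like_official(domain):
    if is_official(domain):
        return False
    return any("coinbase" in label.translate(CONFUSABLES) for label in domain.split("."))

def auth_results(msg, trusted_authserv):
    # Only the header stamped by our own receiving server counts; a sender can
    # add Authentication-Results lines of their own to the message.
    for raw in msg.get_all("Authentication-Results", []):
        authserv, _, rest = " ".join(str(raw).split()).partition(";")
        if authserv.strip().lower() == trusted_authserv:
            return {m.group(1).lower(): m.group(2).lower()
                    for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I)}
    return {}

def classify(raw_message, trusted_authserv="mx.example.net"):
    msg = email.message_from_string(raw_message, policy=policy.default)
    domain = sender_domain(msg)
    if looks_like_official(domain):
        return "lookalike"          # may still pass DMARC for its own domain
    if not is_official(domain):
        return "not-coinbase"
    if auth_results(msg, trusted_authserv).get("dmarc") == "pass":
        return "authenticated"
    return "unauthenticated"        # From says coinbase.com but DMARC did not pass

def sample(from_addr, *auth):       # builds a constructed test message
    headers = "".join(f"Authentication-Results: {a}\n" for a in auth)
    return f"{headers}From: Coinbase <{from_addr}>\nSubject: Action required\n\nbody\n"

GENUINE = sample("no-reply@coinbase.com",
                 "mx.example.net; dkim=pass header.d=coinbase.com; dmarc=pass header.from=coinbase.com")
LOOKALIKE = sample("support@colnbase.example",
                   "mx.example.net; dkim=pass header.d=colnbase.example; dmarc=pass header.from=colnbase.example")
SPOOFED = sample("no-reply@coinbase.com",
                 "mx.attacker.example; dmarc=pass header.from=coinbase.com",
                 "mx.example.net; spf=fail smtp.mailfrom=coinbase.com; dmarc=fail header.from=coinbase.com")

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("lookalike", LOOKALIKE), ("spoofed", SPOOFED)]:
        print(name, "->", classify(raw))
```

The lookalike sample passes DMARC for its own domain, which is why the domain comparison runs before the authentication check. Non-ASCII homoglyphs in internationalized domain names are outside what this character map covers.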
Was Your Coinbase Account Compromised? Do This:
Here are seven steps you should take if you believe your Coinbase account was hacked:
- Temporarily lock your account
- Ensure that your email is secure
- Review your bank account
- Check for phone-based attacks
- Inspect all recent Coinbase transactions
- Contact Coinbase customer support
- Notify local law enforcement
1. Temporarily lock your account
Coinbase can temporarily disable your account upon notice. If you think that you’ve been hacked, immediately contact Coinbase customer service, and request to lock your account.
Here’s how the lock works:
- Nobody will be able to sign in — Coinbase locks any sign-in attempts.
- You can only log in after completing all secure access steps, including identity verification by uploading your ID or photograph.
- All financial transactions from the account will be restricted.
Note that locking your account will not log you out of any active sessions.
2. Ensure that your email is secure
If hackers have taken over your email account, they could access your cryptocurrency accounts.
To safeguard your email account:
- Try signing in to your email account. If you can't get access, hackers may have changed the password. If your email account is compromised, follow any account recovery instructions provided by the email client. Google, for example, has extensive recovery steps to reclaim a compromised Gmail account.
- Change your email password. If you still have access, immediately create a new password. Also, your account will be more secure if you enable two-factor authentication (2FA).
- Check your personal data exposure. You can use third-party tools such as Have I Been Pwned to see if your passwords or data have been leaked in a data breach. Alternatively, use Aura’s Dark Web scanner to see if your personal information is circulating on the Dark Web.
3. Review your bank account
Chances are that your Coinbase account is linked to your bank account. If you have any suspicions about a potential hack, make sure that your bank account is not compromised.
- Change your bank account passwords. If you still have access to your online banking, update your passwords. Remember to create unique, long, strong passwords that you don’t use for other accounts. Also, if you haven’t already done so, enable 2FA.
- Review bank statements for unauthorized transactions. Review your monthly bank statements or recent transactions using your online banking app. Take note of anything suspicious.
- Report any suspicious activity to your bank. If you can’t get access to your bank account, or believe that an unauthorized third party has taken money from your account, contact the bank immediately.
4. Check for phone-based attacks
Many Coinbase scam emails are linked to phone-based attacks because cryptocurrency wallets are usually connected with mobile numbers.
Warning signs of phone-based attacks:
- You receive news about service changes. Your network provider confirms that your SIM card or phone number has been activated elsewhere.
- You can’t use text or call functions. If you can’t send or receive texts or phone calls, you might have fallen prey to a SIM swap scam.
- You can’t use apps. After someone activates your phone number on another device, your SIM becomes unusable — this obstructs any app or account linked to that number.
- You get security notifications. Any alerts about failed login attempts or changes to your profile, passwords, and security questions are blatant red flags of a hack.
- You spot strange activity on your social media. If your friends or family claim that “you” have sent them unusual messages, or if you see unfamiliar posts appearing in your feed or inbox, this may indicate an account takeover.
Contact your phone service provider if you can confirm signs of a hack. Call your provider directly to request a port freeze, and ask that they lock the account to your current SIM card. If you have a Verizon account, you can lock your SIM by using the MyVerizon mobile app.
5. Inspect all recent Coinbase transactions
If you’ve received Coinbase scam emails or notice suspicious account activity, review your account to ensure that there were no unauthorized transactions.
- Review all recent transactions. Make a note of anything that you don't recognize, and report it to the Coinbase customer support team.
- Check your device and IP activity. After signing in, go to your Coinbase account settings to review active sessions.
- Revoke access to anything unfamiliar. Sign out of all sessions, and revoke access for specific devices or unknown third-party applications.
6. Contact Coinbase customer support
If you notice unauthorized devices or web sessions, get in touch with the Coinbase support team so that they can investigate.
- Report the phishing email or text to Coinbase. Send an email to firstname.lastname@example.org with details about any unauthorized activity on your account.
- Collect the email header. The Coinbase support team will need the full message header to properly investigate. Use MX Toolbox to gather and send the complete information.
7. Notify local law enforcement
If you lose money to a hacker or unauthorized third party, you should go to the police. You can file a police report at your local law enforcement office and ask them to contact Coinbase.
To Secure Your Coinbase Account, Do This:
Anyone can buy email lists from data brokers or use data scraping tools to find email addresses on social media. Cybercriminals also purchase and sell personal information on the Dark Web, where a database of 10 million U.S. email addresses sells for a paltry $120 [*].
Regardless of how the sender obtained your address, never reply if you receive a spam email. Doing so only confirms to scammers that your email address is active — hence expanding their list of targets.
Use a password manager
Create strong and unique passwords for every online account. Remembering dozens of complex codes isn't easy — which is why 82% of people reuse passwords [*]. The safer approach is to use a password manager to create and store your login credentials.
Enable two-factor authentication (2FA)
2FA adds an extra step in the login process that requires users to provide an additional form of identification. The second factor could be a one-time password (OTP), fingerprint scan, or hardware security key. This process makes your account more secure.
Install antivirus software and a virtual private network (VPN)
Antivirus software protects your devices against malware, spyware, and ransomware threats. With military-grade encryption and Wi-Fi protection, you can run regular scans and browse confidently while banking, shopping, and reading emails.
Similarly, a virtual private network (VPN) gives you more privacy online. Hide your IP address, location, and browsing activity from scammers, hackers, and advertisers.
Adopt safe browsing practices
With every additional online account, you expand your digital footprint. Whenever you’re online or using public Wi-Fi — like at an airport or hotel — your data is at risk.
Cultivate a habit of using ad blockers and screen locks. Also, remember to log out of applications when you’re finished — especially sensitive accounts, such as email or online banking.
Safeguard your cloud storage accounts
If someone gains access to your iCloud or Google Drive, they could make a backup of your data. Armed with this information about you, scammers could exploit your accounts and target you with various other scams.
To protect your cloud accounts, take the following steps:
- Only share files and folders with people you know and trust. Do not share access with strangers, and make sure that files you share don't include personal information.
- Disconnect and deactivate unused accounts. If you leave your job or get a new smartphone, remember to unlink these old devices from your cloud storage.
- Review and update connected apps. It’s convenient to integrate email clients with other apps such as your calendar. But every third-party connection adds another point of attack. Only use trusted apps that you download directly from the developer.
- Clear deleted files. In most cloud storage accounts, you can retrieve deleted files for up to a few weeks. But this feature could leave sensitive information at risk.
- Set up alerts. With this feature enabled, you will receive notifications via email or text message about any activity on your accounts – like when someone shares a folder or removes a file.
Bookmark Coinbase on your browser
Phishing only works when people click on bogus links in emails and share personal information on fake websites. Avoid these proverbial trapdoors in Coinbase email scams by saving the official Coinbase website in your browser bookmarks bar.
Consider using the Address Book and Allowlisting features
Inside Coinbase, the Address Book lets you add and store crypto addresses that you know and trust.
- Add a crypto address for any of Coinbase’s supported cryptocurrencies.
- Assign a nickname to each address.
- Search for an address by its nickname when you want to withdraw crypto.
- Save a new address anytime you withdraw crypto to an unknown address.
Allowlisting is a security feature that ensures crypto withdrawals only go to addresses already stored in your Address Book. You can enable or disable this feature within the Address Book by using 2FA.
Switch to Vaults on Coinbase for long-term storage
If you plan to store cryptocurrency investments in your Coinbase account for a long time, consider using a Vault.
Anytime you wish to withdraw from a vault, there is a multi-email approval process and a 48-hour time delay. You can cancel a withdrawal at any point in those 48 hours. These safeguards make it harder for hackers to steal from your accounts.
Recognize phishing and Coinbase imposters
Look out for mangled grammar, typos, and odd designs in emails that appear to be from Coinbase. If the sender name or URL does not include “coinbase.com,” tread carefully.
Anytime you receive a suspicious email claiming to be from Coinbase, report it. Forward potential scam emails to email@example.com to verify their authenticity.
Worried About Coinbase Phishing? Aura Can Help.
Shepherding your online privacy and assets is an ever-evolving challenge. As cybercriminals become more sophisticated in their efforts to take over your accounts, consider a more proactive approach.
Aura is an all-in-one digital protection solution that helps keep you safe from identity theft, financial fraud, and online threats.
Aura’s user-friendly app includes antivirus software, a VPN, and password manager — making it easy to prevent phishing attacks. If scammers strike, every Aura plan includes up to $1 million in identity theft insurance coverage per adult along with support from Aura’s U.S.-based team of White Glove Fraud Resolution Specialists to help you recover from fraud.