As a rule of thumb, if you receive an unsolicited text, especially one claiming to include a security code, it's likely part of a phishing scheme. Such is the case with a recent spate of unprompted texts purporting to be from the crypto wallet service Coinbase. If you receive such a message, even if you have a Coinbase account, delete it. Someone is likely trying to scam you.
Coinbase isn't texting you
Here's how the scam works: You receive an unsolicited text message that reads "Your Coinbase withdrawal code is..." followed by a six-digit number. The message continues: "Please do not share this code with anyone. If you have no requested this, please call:" followed by a phone number and a reference number.
On the surface, this seems like a fairly standard two-factor authentication (2FA) code. Most companies include a similar warning in their messages when sending along your code, as hackers really want you to give them those digits. In many cases, a 2FA code the only thing standing between them and your account, so companies want to ensure you don't hand yours over to someone else.
Unfortunately, this text is an example of the opposite: a scammer impersonating the language of a legitimate company in order to gain your trust. The hope on the scammer's part is that you receive this text and assume that it's real, but worry, because you know you didn't request a 2FA code. Since you now trust that the message really is from Coinbase, you might turn to the contact number conveniently included with the message to follow up. Hey, they've even attached a reference number, so the "Coinbase rep" you talk to can track your issue. How considerate.
In reality, this is one big scam. If you called the number, the scammer will likely continue the charade, perhaps by assuring you that they'll help secure your account. My guess is that the scammer would ask you to "verify" your Coinbase login credentials, which they would enter on their end, triggering the legitimate 2FA process. Once you receive that code, the scammer might ask you to tell them what it is as part of verification process. But once they have that code, they can log into your account for real, change the password, and lock you out. Bye bye crypto.
If you're a Coinbase user, this definitely seems concerning, but don't worry too much: I've been getting these scam texts myself, and I don't have a Coinbase account. While scammers might be targeting Coinbase users who have had their information leaked in data breaches, it's more likely they're simply sending these scam texts to leaked phone numbers en masse. They'll likely snag some anxious Coinbase users in their net, but I'm sure they'd happy "chat with" anyone who doesn't have a Coinbase account who happens to call, too. "Oh, you don't have a Coinbase account? No problem, we'll get this cleared up for you. Can you just confirm your Social Security number for us, so we can make sure you're really not in our system?"
What to do when you get a suspicious texts
It can be tempting to respond to these texts once you know they are scams, especially when the goal is to simply waste the scammer's time. But as fun as that can be, my advice is to ignore these texts whenever you receive them. While the immediate risks are diminished once you know the "rep" is really malicious, responding to these texts lets the scammer know your number is active, and, in response, they might file it away for a future scam attempt. Scammers can also be clever. If you're not careful, you might give away more information than you realize while you're "messing" with them. Part of a phishing scheme is establishing a rapport: The scammer wants to lull you into a false sense of security so you give them personal details that might help them steal your info or break into accounts.
The best thing you can do is to delete these texts whenever you receive them. If your messaging app of choice gives you the option to report the text as spam, all the better.
from News https://ift.tt/izaCYud
via IFTTT
No comments:
Post a Comment