Tag Archive for: COinBase

Southwest Airlines, Coinbase, and USPS: Top Scams of the Week

/in


This week we’ve found lots of phishing scams in which scammers are impersonating trusted brands, including Southwest Airlines, Coinbase, and USPS. Would you have been able to spot all these scams?  

Phishing Scams

Impersonating trusted brands, scammers send text messages and emails containing phishing links, attempting to trick you into clicking under various pretenses, e.g. offering you a free gift, asking you to verify accounts, or prompting you to track a package.

What do they want? These links lead to phishing sites designed to record your personal identifiable informatin (PII), such as email address, credit card number, and Social Security number. With these credentials, scammers can drain your bank account, steal your identity, or commit any number of other crimes. Below are some examples.

Southwest Airlines

Have you started planning for a trip during the Holiday season? If you’re searching for the best deals on tickets, be careful of the latest Southwest Airlines phishing scam:

SOuthwest Airlines

Falsely claiming that you can get a $100 Southwest Airlines gift card, scammers instruct you to fill out their online survey via the embedded button in the email. If you take the bait and click, it will take you to a fake Southwest Airlines page that will collect all the data you’ve submitted. Don’t let that happen!

Avoid Scam Sites for FREE

The truth is, there are lots of scams and scam sites on the internet and they’re getting harder to detect. For an easy and reliable method of detecting and avoiding scam sites, check out our free browser extension (Trend Micro ID Protection) and free mobile app (Trend Micro Check). 

Both ID Protection and Trend Micro Check can protect you against scams, phishing links, risky websites, and lots more! If you come across something dangerous online, you’ll be alerted in real time so you’ll know to stay well clear   

Coinbase

If you are using Coinbase or looking to invest in cryptocurrency, you should be on the lookout for bogus Coinbase emails:

Coinbase_Phishing Email

Posing as Coinbase, scammers will send you a fake notification stating that you’ve received some bitcoins in your wallet and that you…

Source…

Coinbase phishing hack signals more crypto attacks to come, says security firm

/in


Coinbase has increasingly been targeted by scammers with phishing attacks, according to security firm PIXM. (Photo by Marco Bello/Getty Images)

Recent phishing attacks on Coinbase and its customers revealed how these campaigns are not only becoming more sophisticated and multi-faceted, but how threats to cryptocurrency sites are on the rapid rise, according to research and analysis from security firm PIXM.

“Since its rise to prominence, [Coinbase] has been increasingly targeted by scammers, fraudsters, and cyber criminals, due in part to the fact that its user-base is so large and mainstream,” said the PIXM blog posted earlier Aug. 4, “it is assumed to cover an audience of casual, generally non-technical, crypto investors.” Coinbase is “arguably the most mainstream cryptocurrency exchange used globally,” having added more than 89 million users to its platform since it began business a decade ago in 2012.

In their “multi-layered” phishing attacks on Coinbase, cybercriminals sent out spoofed emails purporting to come from the cryptocurrency company in order to steal financial and personal data to resell and log into users’ legitimate accounts to steal their funds in real-time. The attacks combined email and brand impersonations to steal from Coinbase wallet-holders, despite their use of multi-factor authentication (MFA), according to PIXM’s analysis.

According to Chris Cleveland, founder and CEO of PIXM, this complex and sophisticated campaign involved “surprising tactics to steal much more than just passwords.”

“After stealing a user’s Coinbase password, the phishing sites used a built in two-factor relay system to enter the user’s password into the real Coinbase site and then further solicit the actual two-factor authentication code from the user, [which] allowed the hacker to bypass two-factor authentication and access a user’s Coinbase wallet.”

Bad actors typically sent Coinbase customers a notification that their account “needed attention due to an urgent matter,” such as being “locked” or requiring a transaction confirmation. “Users were prompted to enter login credentials and a two-factor authentication code into the fake website,” according to…

Source…

Coinbase Backs First Enterprise-grade Liquid Staking Protocol

/in


Coinbase, America’s largest crypto exchange, is venturing deeper into the realm of digital asset staking with its latest pledge of support.

The exchange published a company blog post stating that its cloud division would be supporting the development of the first-ever enterprise-grade liquid staking protocol.  

Coinbase Cloud is collaborating with staking platform Figment and software development firm Alluvial Finance to support a group of experienced founders and operators building the institutional-grade protocol.

Alluvial already operates a staking platform that it intends to expand and become decentralized through DAO governance.

Coinbase says liquid staking is growing  

Coinbase stated that liquid staking is a niche market and an “industry gap.” While there are already existing platforms such as Lido offering Ethereum staking, one for financial institutions has yet to be launched.

Traditional staking methods require tokens to be locked up or bonded for a set period in order to be eligible for yields. This is the case with the Ethereum consensus layer which began staking operations in December 2020, with ETH remaining locked in the smart contract. It will not be released until several months after the Merge which is slated for this summer.

Liquid staking opens up opportunities to efficiently utilize staked assets as collateral to trade, lend, and provision quickly and strategically, the blog post stated. Stakers receive equivalent tokens representing their collateral that can be used elsewhere.

“They can stake their tokens, receive back receipt tokens that evidence ownership of their staked tokens and use those receipt tokens to participate in the broader Web3 economy,” says the company.

According to Dune Analytics, liquid staking penetration has gone from less than 1% penetration in January 2020 to more than 35% today. Dune also reports that Lido staking represents almost a third of all ETH staked on the Beacon Chain with 4.1 million ETH staked.

Coinbase stated that these staking solutions do not meet the needs of institutions or mature regulated businesses which require enterprise-grade reliability, security, and KYC/AML processes.

“As part of the initial…

Source…

Coinbase hackers exploit multi-factor flaw to steal from 6,000 customers

/in


Bad actors were able to infiltrate the accounts of and steal cryptocurrency from around 6,000 Coinbase customers by exploiting a multi-factor authentication flaw, according to Bleeping Computer. The cryptocurrency exchange told the publication that its security team observed a large-scale phishing campaign targeting its users between April and early May 2021. Some users may have fallen victim to the malicious emails, giving hackers access to their usernames and passwords. Worse, even those who had multi-factor authentication switched on were compromised because of a flaw in the exchange’s system.

In the notification [PDF] it sent to affected customers, Coinbase said the bad actors took advantage of a vulnerability in its SMS Account Recovery process. That allowed the hackers to receive the two-factor token that was supposed to be sent via text to the account owner’s phone number. 

Coinbase recommends using two-factor with a security key on its website, followed by an authenticator app. It lists SMS authentication as a last resort, advising users to lock their mobile accounts to protect themselves from SIM swap scams or phone port frauds. Back in August, Coinbase also notified 125,000 users that their two-factor settings had changed, but the exchange said back then that the notification was sent by mistake and wasn’t the result of a hack.

In its letter to customers, Coinbase said it patched up its SMS Account Recovery protocols as soon as it learned about the issue. It’s also reimbursing everyone who’s lost cryptocurrency from the event. Those who were affected by the hack may want to make sure all their other accounts are secure, though, since it also exposed their names, addresses and other sensitive information when their accounts were infiltrated.

Source…