As a trusted player in the market, Coinbase provides a user-friendly interface and a sense of security for millions of individuals venturing into the realm of digital currencies.
Coinbase scams can negatively impact your experience on the platform. Common scams include phishing, where scammers make fake websites or emails that look like real Coinbase messages; the promise of big profits through fake investments, and fake customer support.
1) Technical Support Impersonation
Scams involving fake technical support and impersonation tactics are set up by fraudsters who pretend to be associated with various companies, spanning finance, technology, retail, telecom, and services, or even regulatory bodies.
They may post fake customer support phone numbers online, targeting unsuspecting individuals seeking assistance, or they might even call potential victims.
These scammers are quite clever, using social engineering to make false claims that deceive and manipulate their targets into divulging personal information. This information is then used for fraudulent activities, posing a serious threat to your privacy and security.
Always avoid granting remote access to your computer, as this would give scammers unrestricted entry into your digital life, including online financial accounts.
On top of that, avoid sharing 2FA (2-Factor Authentication) security codes or passwords with anyone. Legitimate Coinbase staff will never ask for these sensitive authentication credentials.
2) Airdropped Attacks
Airdropped tokens can be a great way to discover and engage with new cryptocurrencies, as issuers send free assets directly to your wallet to raise awareness.
However, it’s important to approach these airdrops with caution and take certain precautions.
For starters, If you receive airdropped tokens, it’s advisable to reach out to the asset issuer directly for guidance on how to manage and transfer these assets.
Some airdropped tokens may have specific conditions, such as being frozen by their smart contract, and may involve intricate instructions for trading. Seeking guidance from the asset issuer ensures that you navigate these complexities correctly.
Be extra cautious when dealing with airdropped tokens from issuers you’re not familiar with. Some scammers exploit airdrops as a means to gather personal information and potentially gain unauthorized access to your accounts.
Always verify the legitimacy of the airdrop and the issuer before taking any actions.
Genuine airdrop campaigns will never ask for your 12-word recovery phrase. If you encounter any request for this sensitive information, consider it a red flag.
Your recovery phrase is a crucial element in securing your wallet, and sharing it can expose you to security risks.
3) Dusting Attacks
Dusting attacks in the cryptocurrency space, where attackers send minuscule amounts of cryptocurrency, known as “dust funds,” to numerous wallets through an airdrop.
The cunning strategy begins when recipients of these tiny amounts attempt to cash out or transfer the funds. The attacker then exploits this activity to uncover the identity of the wallet owner, paving the way for phishing scams or other malicious attacks.
These attackers might go a step further by incorporating URLs into the token names, encouraging recipients to visit websites with malicious intentions.
These websites could aim to trick individuals into revealing sensitive information like their seed phrases, a critical element in securing cryptocurrency wallets.
To thwart the attacker’s attempts at analyzing and de-anonymizing your wallet, refrain from cashing out or moving the received dust funds. By leaving them untouched, you deny the attacker the necessary activity to exploit.
Phishing scams trick you into revealing your login credentials or sensitive information, potentially compromising your accounts or wallet.
These deceitful websites and decentralized applications (dapps) employ various tactics to appear genuine, such as emails, SMS text messages, social media, and search-engine advertisements.
Ensure you are on the correct website by double-checking the URL of the dapp. Phishers often create fake websites with URLs that closely resemble the legitimate ones. Take a moment to confirm the web address to avoid falling into their trap.
Research the dapp platform thoroughly. Look for reviews, testimonials, or any other information that validates the authenticity of the service. Genuine platforms will have a reputable online presence, and this extra step can safeguard you from potential scams.
5) Giveaway Scams
These scams involve sharing fabricated messages from reputable companies and executives, endorsing giveaways and providing links to fake websites. To make matters worse, phony accounts jump into the conversation, adding an illusion of legitimacy.
The ultimate goal is to trick individuals into sending cryptocurrency under the pretense of “verifying” their address for the supposed giveaway.
Never send cryptocurrency as part of a giveaway claiming to verify your address. Take your time when encountering giveaways or offers on social media.
Screenshots of messages can be easily manipulated, and scammers often create fake accounts to participate in these deceptive schemes. Before engaging with any entity on social media offering giveaways, use a reputable search engine to research their legitimacy.
Valid giveaways are well-publicized through official channels. Check the authenticity of the giveaway by verifying the URL. Ensure that the web address matches the official one associated with the supposed giveaway.
Coinbase Account Protection
Having an active Coinbase One subscription comes with the added benefit of Coinbase Account Protection. If you are subscribed, you could potentially qualify for a one-time reimbursement for actual losses, up to a maximum of $1,000,000 in U.S. Dollars.
This reimbursement extends to losses incurred due to a compromise of your Coinbase Account login credentials, arising from vulnerabilities or deficiencies in Coinbase’s systems and security protocols.
To qualify for reimbursement under the Coinbase Account Protection, you must meet the following criteria:
- Active Coinbase One subscription – You need to have an active Coinbase One subscription at the time when the losses, known as Reimbursable Losses, were sustained.
- Minimum account duration – Your Coinbase account must have been open for a minimum of thirty (30) calendar days before the date on which the Reimbursable Losses occurred.
- Photo identity verification – Successfully complete the photo identity verification process before the date of the Reimbursable Losses.
- Two-factor authentication – Enable two-factor authentication on your Coinbase Account using either an authenticator application (such as Duo or Google Authenticator), a security key (like Yubikey), or push notification through the Coinbase mobile application. It’s important to note that two-factor authentication via SMS is not sufficient to qualify for coverage under Coinbase Account Protection.
- Timely request submission – File your request for reimbursement of Reimbursable Losses with Coinbase within ninety (90) days from the date when you sustained these losses.
- Police report submission – Promptly file a police report with your local police department related to the Reimbursable Losses. Send the report to Coinbase, along with a reasonably detailed description of the incident and your customer support ticket.
Certain situations are not covered by Coinbase Account Protection, and the company will not reimburse you in certain situations. Loss of funds held outside of your Coinbase account, including Coinbase Custody, Coinbase Wallet, or non-custodial wallets linked to Coinbase Commerce, is not covered.
Coinbase Account Protection does not cover funds voluntarily sent to a third party in connection with an investment scam or any other situation. It also does not cover losses resulting from mistakenly buying or sending Digital Currency to the wrong recipient.
Reimbursement is not provided for losses resulting from knowingly and voluntarily participating in fraudulent activities. Losses due to security vulnerabilities or technical deficiencies in your computer, mobile device, or security key are not covered.
Coinbase Account Protection does not cover losses resulting from events or actions that you were aware could compromise your account security if you fail to promptly notify Coinbase in accordance with the Security Breach section of the Coinbase User Agreement.
Examples include losing your security key or API key, providing remote access to a third party, or sharing your login credentials and/or 2-factor authentication codes with others.