Fighting Complex Phishing Scams and
Keeping Your Account Secure from Hackers
Jacob Canfield, a well-known person in the crypto community, took to Twitter to warn Coinbase users about a situation he thought might be a possible data breach. It all started when Canfield received a text message telling him that his Coinbase two-factor authentication (2FA) had been changed.
He got three phone calls from people pretending to be Coinbase customer support, and their number seemed to be from San Francisco. These scammers asked Canfield if he was traveling outside the US and if he had requested any changes to his 2FA or email settings. Canfield immediately said he didn’t have anything to do with those activities. The scammers then sent him a text message saying they canceled the change requests, but they directed him to a fake Coinbase “security” team to verify his account and prevent a 48-hour suspension.
Surprisingly, these scammers had Canfield’s name, email address, and location details. They even sent him an email that seemed to be a “verification code” from firstname.lastname@example.org to his personal email.
Canfield shared this information with his followers on Twitter, explaining what happened. When the scammers asked for the verification code, Canfield refused to give it to them. He said the other person on the line got mad and then hung up.
As Canfield later found out, the code they sent him was actually his legitimate 2FA code. The scammers sent the code from their own email, hoping to drain his Coinbase account during their conversation. Interestingly, the screenshots of the fake emails looked like they came from Coinbase, but they were sent through Amazon’s email provider.
Holy shit.— Jacob Canfield (@JacobCanfield) June 13, 2023
I just got attacked with one of the most complex scams in #crypto that I have seen to date.
Please read if you use @coinbase.
This just happened 15 minutes ago.
THIS IS A WARNING FOR ALL COINBASE USERS!
There has been some sort of a data breach.
First, I… pic.twitter.com/aOVWLpAtY4
This story is an important reminder of the increasing complexity of cyber scams. It was suspected that the attempt was made possible due to a possible data breach in Coinbase’s third-party partners. If Jacob used the same email and password combination for his other accounts, and the hackers managed to access his main email, multiple other online accounts of his would be at risk.
Remember, it’s not just data breaches you need to worry about. Malware attacks and phishing scams can also hack into your accounts. So, stay alert and take steps to protect yourself.
Secure Your Email After A Data Breach
There are data breaches happening almost every week, putting your information at risk. Some of those are out of our control. But to stay on top of things, it’s a good idea to regularly check if your data has been compromised in a breach. Here are a few immediate steps you should take upon discovering that your email has been breached:
- Change your password immediately to prevent the hackers from accessing your account. Additionally, update this password on any other accounts where you use the same password to log in (such as online banking or social media) to avoid further compromises.
- Inform all your email contacts about the breach. Notifying them can help prevent them from falling victim to similar attacks by inadvertently clicking on malicious links sent from your compromised account.
- Verify and review your account settings. Hackers might have tampered with important settings like your security question and privacy preferences, which could leave your account vulnerable to further unauthorized access.
- Scan your computer for viruses and malware. It is possible that the hacker infected your machine while gaining access to your email. Running a scan and removing any detected threats promptly will help maintain the security of your data.
- Consider creating a new email address and deleting the compromised account. By doing so, you can ensure that the hacker no longer has access to your personal information and communications. Be sure to update your new email address with important contacts and online services.
What Can I Do To Prevent A Breach?
If you receive an email from your bank or any financial institution that appears suspicious or fake, it’s best not to click any links within the message. Beware if the email does not originate from your regular banking company and if the sender’s address differs from the official domain used by your bank. This is likely a phishing scam where attackers are using a spoofed domain to deceive you. In the story, although the email looked like it came from Coinbase, Jacob Canfield remained calm and refused to give verification numbers to the random callers.
If you have suspicions about your account being compromised but are unsure of the entry point, promptly contact the relevant company or service provider. They can assist you in securing your account and mitigating any further potential attacks.
Protect Your Email with Sangu Mail
Email hacks can be a big problem. They usually happen through phishing or compromised passwords. Signs of an email hack include being unable to sign in, unexpected messages in your inbox or sent folder, and reports of spam from your account. To protect yourself, follow email security practices and use a personal email security tool.
Sangu Mail protects customer email boxes from advanced cybersecurity threats— detecting and blocking spam, phishing, malware, and ransomware attacks before they arrive at your inbox. If you were to receive a similar fake “verification code” email as Jacob did, it would likely be filtered directly into your spam folder. This alone should raise your suspicion and encourage you to act with caution.
Stay vigilant and keep your email accounts safe!