Coinbase "Unauthorized Access" Email And Text Scams Explained

Coinbase is one of the most popular cryptocurrency exchanges, with over 89 million verified users. This massive userbase makes Coinbase a prime target for phishing scams trying to steal account credentials and crypto funds. One common ruse is the “Unauthorized Access” scam emails and texts.

This article will break down how the Coinbase unauthorized access phishing scam operates, red flags to watch for, and best practices to keep your account secure. Arm yourself with knowledge to avoid becoming a victim.

This article contains:

An Overview of the Coinbase “Unauthorized Access” Scam

The Coinbase “Unauthorized Access” scam sends phishing emails or texts pretending to be from Coinbase security teams. They alert the recipient that an unrecognized device was detected logging into their account, often from a suspicious foreign location.

You are provided links to “Secure Your Account” or “Review This Activity”, which actually redirect to convincing fake login pages operated by scammers. If you enter your Coinbase username and password, the scammers gain full access to drain your account of crypto.

This scam comes in many forms like:

Emails about “Failed login attempts”
Messages about new device logins
Warnings of withdrawals you didn’t authorize

All aim to trick you into panicking and thoughtlessly clicking on links that compromise your account. In the sections below, we’ll break down exactly how this scam ensnares victims at each step.

Step-by-Step: How the Coinbase “Unauthorized Access” Scam Works

Here is an in-depth explanation of how the phishing campaign unfold:

1. Scammers Obtain Databases of Coinbase User Emails and Numbers

The first step is for scammers to acquire databases full of Coinbase user contact information. These are obtained through data leaks, social engineering, breaching sites, buying on the dark web, and other means.

2. Phishing Emails or Texts are Sent Pretending to be Coinbase Security Alerts

Using the acquired contact data, the scammers send emails and text messages posing as time-sensitive security alerts from Coinbase. The “From” addresses are forged to appear to come from Coinbase domains.

Subject lines warn of “Failed login attempts” or “New device detected”.

3. Messages Claim Suspicious Access to the Account

The phishing emails and texts inform victims that a new, unrecognized device was caught accessing their Coinbase account. Often a suspicious location like Russia or China is named as the source to create urgency and fear.

The recipient is told they must immediately secure their account before the “hackers” drain their cryptocurrency and other assets.

4. Links Provided Allegedly Go to Coinbase Account Security Pages

Convenient links are supplied in the scam emails and texts that supposedly direct the recipient to Coinbase account security pages. They are told to “Secure Your Account” or “Review This Activity”.

In reality, the links route through redirects to phishing login pages operated by the scammers impersonating Coinbase.

5. Victim Enters Coinbase Login Details on the Fake Site

Victims who hastily click the link without checking it are taken to the realistic-looking but fake Coinbase login portal. Alarmed about the account compromise, they enter their email/username and password.

All credentials entered on the phishing site are captured by the scammers. 2FA codes are sometimes also requested and input.

6. The Scammers Drain the Compromised Coinbase Account

Now possessing the stolen login credentials, the scammers swiftly access the victim’s real Coinbase account. They drain any USD balance along with converting all cryptocurrencies to BTC and sending them to their wallet.

If they collected 2FA codes, they may disable that protection entirely. The legitimate account owner is locked out.

7. Any Remaining Account Value is Liquidated and Sent to the Scammers

Scammers seek to wring every last dollar from compromised accounts. They will liquidate staking balances, sweep crypto dust, and withdraw any funds added after the initial drain. Without immediate intervention from Coinbase, the account is drained.

This is how a convincing phishing campaign results in thousands stolen within minutes. All it takes is a lapse in judgment when encountering an unknown login warning.

What to Do If You Entered Credentials Through the Scam

If you already submitted your Coinbase login details through a phishing email/text link, take these steps instantly:

Step 1: Contact Coinbase Support – Alert them of the compromise and request they lock the account immediately before more is stolen.
Step 2: Initiate Account Recovery – Start their recovery process providing proof of ID and account ownership information to try regaining access.
Step 3: Reset Passwords – Change your email, Coinbase account, and financial account passwords. Enable 2FA everywhere.
Step 4: Watch for Suspicious Activity – Monitor linked financial accounts and credit cards for unauthorized transactions in the coming weeks.
Step 5: Scan Devices for Malware – Run malware scans in case clicking the phishing link infected your device.
Step 6: Avoid Secondary Scams – Do not trust any new messages claiming they can recover lost funds, these are secondary scams.

If you regain access, immediately transfer any remaining funds to new wallet addresses unassociated with the account. Acting swiftly upon realizing credentials were compromised limits damage.

How to Spot Fake Coinbase Login Warnings

Here are red flags to identify phishing emails and texts related to unauthorized account access:

Generic Greetings – Genuine Coinbase emails address you by name. Scams use generic terms like “Dear user”.
Sense of Urgency – Language presses you to act quickly or risk further “unauthorized transactions”. Slow down and verify claims.
Requests Secrets – Real Coinbase messages won’t ask for passwords, 2FA codes, or other secrets via email/text.
Links Go Elsewhere – Hover over links to see the actual destination. They should go directly to coinbase.com only.
Threatening Language – Aggressive warnings about hackers “draining your account” try to spur panic.
Verify in Your Account – Check directly in Coinbase that no unauthorized transactions actually occurred.

Whenever contacted about account security outside of Coinbase’s website, critically analyze all elements before acting. Use unique complex passwords and enable 2FA.

How to Spot Fake Coinbase Texts About Account Compromise

In addition to emails, the “Unauthorized Access” scam also utilizes SMS text phishing targeting Coinbase users. Watch for these signs:

Texts Pretend to be Coinbase Security Alerts

Bogus texts appear as security warnings from Coinbase, often with threatening language:

“ALERT: We have detected unauthorized access to your Coinbase account from a foreign IP address. Secure your account now – click here immediately.”
“Coinbase Fraud Prevention – Do not ignore this message! Your account is being accessed by unrecognized devices right now. You must act fast to stop the hacker…”

Any texts stating your account is actively being compromised are deceptive.

Messages Provide Links to “Secure” Account

The fake texts provide convenient links for you to urgently “secure” or “recover” your account:

“Act now to stop unauthorized access to your Coinbase account: [Malicious Link]”
“Prevent irreversible loss of funds! Recover your compromised Coinbase account immediately: [Phishing URL]”

These malicious links route to credential harvesting sites.

Grammar, Branding, and Sender ID Red Flags

Phishing texts often have typos, bad grammar, low-quality copied logos, and suspicious sender IDs:

Sender ID “Coinbas3Support” instead of official “Coinbase” name
Misspellings like “unauthrized” instead of “unauthorized”
Pixelated, blurry Coinbase logo graphics

Scrutinize all textual identifiers. Access your account only through the legitimate Coinbase website or mobile app.

How to Identify Fake Coinbase Emails About Account Compromise

In addition to texts, scammers send phishing emails pretending to be Coinbase security alerts. Watch for:

Subjects Warn of Unauthorized Access

Suspicious email subjects include:

“Alert: Unauthorized transactions on your Coinbase account”
“Coinbase: Account recovery required due to suspicious activity”
“Critical security notification from Coinbase”

These urgency-inducing subjects aim to get users to hastily open the scam email.

Emails Threaten Account is Being Drained

The content uses fear by claiming account funds are actively being stolen:

“Our security system has detected withdrawals you did not authorize. Your Coinbase account is being drained right now.”
“Hackers have accessed your Coinbase account and are stealing your funds as you read this!”

Stirring anxiety makes users more prone to thoughtlessly click on links.

Links to Supposedly Review or Block Access

Phishing links within the emails allude to letting you review activity or stop the attack:

“Click here immediately to review unauthorized transactions and prevent further withdrawal of funds.”
“Regain access to your compromised Coinbase account now before the hackers take everything!”

These links redirect to fake login pages to steal credentials.

Analyze Email Details Thoroughly

Look for inconsistencies in the sender, headers, URL links, branding, grammar, and other details. Emails should come from @coinbase.com domains only.

Scrutinize all elements thoroughly before clicking on links or attachments related to unauthorized account activity warnings.

Protecting Yourself from the Coinbase “Unauthorized Access” Scam

Here are proactive measures to help avoid falling victim:

Enable account protections – Use Coinbase two-factor and multi-factor authentication, whitelisting, cold storage, and vault features.
Create unique complex passwords – Your Coinbase password should be unique and very strong. Use a password manager.
Recognize social engineering – Note red flag phrasing aimed at manipulating emotions like fear and urgency. Don’t let guard down.
Check sender details – For emails and texts, manually verify the sender address matches official Coinbase domains.
Access via trusted networks – Only access your Coinbase account via known secure Wi-Fi. Public connections are risky.
Use a secure device – Conduct Coinbase transactions on a non-compromised device protected by a firewall and security measures.
Monitor account routinely – Log in frequently to check for any unauthorized activity. Detection of fraud is key.
Report phishing attempts – Alert Coinbase Support about any suspicious scam emails/texts you receive.

Following security best practices makes your Coinbase account a much harder target for phishers. But caution is always warranted when contacted about financial accounts unexpectedly.

Is Your Device Infected? Check for Malware

If your device is running slowly or acting suspicious, it may be infected with malware. Malwarebytes Anti-Malware Free is a great option for scanning your device and detecting potential malware or viruses. The free version can efficiently check for and remove many common infections.

Malwarebytes can run on Windows, Mac, and Android devices. Depending on which operating system is installed on the device you’re trying to run a Malwarebytes scan, please click on the tab below and follow the displayed steps.

Malwarebytes For WindowsMalwarebytes For MacMalwarebytes For Android

Scan your computer with Malwarebytes for Windows to remove malware

Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.

Download Malwarebytes for Windows

You can download Malwarebytes by clicking the link below.

MALWAREBYTES FOR WINDOWS DOWNLOAD LINK
(The above link will open a new page from where you can download Malwarebytes)
Install Malwarebytes

After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes

When the Malwarebytes installation begins, the setup wizard will guide you through the process.
- You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
- Malwarebytes will now begin the installation process on your device.
- When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
- On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.

Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.

In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.

Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.

To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.

Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware

Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.

Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.

When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.

Your computer should now be free of trojans, adware, browser hijackers, and other malware.

If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future.
If you are still having problems with your computer after completing these instructions, then please follow one of the steps:

Run a computer scan with ESET Online Scanner
Ask for help in our Windows Malware Removal Help & Support forum.

Scan your computer with Malwarebytes for Mac to remove malware

Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.

Download Malwarebytes for Mac.

You can download Malwarebytes for Mac by clicking the link below.

MALWAREBYTES FOR MAC DOWNLOAD LINK
(The above link will open a new page from where you can download Malwarebytes for Mac)
Double-click on the Malwarebytes setup file.

When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.

When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.

When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.

The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.

To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.

Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.

When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.

Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.

Your Mac should now be free of adware, browser hijackers, and other malware.

If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future.
If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.

Scan your phone with Malwarebytes for Android to remove malware

Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.

Download Malwarebytes for Android.

You can download Malwarebytes for Android by clicking the link below.

MALWAREBYTES FOR ANDROID DOWNLOAD LINK
(The above link will open a new page from where you can download Malwarebytes for Android)
Install Malwarebytes for Android on your phone.

In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.

When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process

When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options.
This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue.

Tap on “Got it” to proceed to the next step.

Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue.

Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android

You will now be prompted to update the Malwarebytes database and run a full system scan.

Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.

Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.

When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.

Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.

Your phone should now be free of adware, browser hijackers, and other malware.

If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future.
If you are still having problems with your phone after completing these instructions, then please follow one of the steps:

Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
Ask for help in our Mobile Malware Removal Help & Support forum.

Frequently Asked Questions

What is the Coinbase “Unauthorized Access” phishing scam?

This scam sends fake emails and texts pretending to be from Coinbase security teams. They warn that an unrecognized device logged into your account, often from a suspicious foreign location. Links are provided to “secure your account” which actually direct to phishing sites to steal login credentials.

What are some examples of the phishing emails?

Subjects state things like “Alert: Unauthorized transactions” or “Critical security notification”. The body claims hackers are actively draining your account funds and provides links to supposedly stop the attack which actually harvest logins.

What do the phishing text messages say?

Fake texts pretend to be Coinbase security alerts about unauthorized access from odd IP addresses. They provide links to urgently “recover” your account which redirect to credential harvesting sites.

What is the goal of this scam?

By creating panic about account theft, scammers hope victims will hastily click their links without scrutiny. The phishing sites then capture entered usernames/passwords to drain cryptocurrency from the compromised Coinbase account.

How can I avoid becoming a victim?

Carefully analyze sender details in emails and texts. Verify claims directly by logging into your actual Coinbase account. Enable all security features offered by Coinbase. Never enter credentials outside of the real Coinbase website.

What should I do if I clicked their link?

If you entered your login information, immediately contact Coinbase Support and initiate account recovery. Reset your Coinbase password and enable 2FA. Monitor your financial accounts for unauthorized transactions in the coming weeks.

How can I report these phishing attempts?

Forward any scam emails to phishing@coinbase.com or report them within your Coinbase account. Report phishing texts to Coinbase and your mobile provider. This helps get fake domains taken down faster.

Are other crypto exchanges targeted similarly?

Yes, phishing scams impersonate security teams from Binance, Crypto.com, Gemini, and many other popular crypto platforms. Follow security best practices no matter what exchange you use.

Where can I learn more about crypto phishing scams?

Reputable resources like Coinbase’s security pages, CISA, and CryptoCompare provide helpful guides. Stay vigilant of new phishing tactics targeting the crypto community.

The Bottom Line – Verify Security Claims Directly with Coinbase

The Coinbase “Unauthorized Account Access” phishing scam highlights the need for vigilance and verification when using popular online crypto exchanges. Scammers are experts at social engineering to create urgency and fear.

But by slowing down and scrutinizing all communications thoroughly, most phishing attempts can be recognized. Use all account security features available and access Coinbase only through official channels on safe devices.

Keep an eye out for any unusual account activity and immediately report phishing attempts both to Coinbase and relevant authorities. Being proactive about security and verifying all claims makes you a far less lucrative target.

Practice caution so you can confidently use Coinbase and other reputable exchanges without unwittingly surrendering your hard-earned funds to crafty scammers. Stay educated on the latest phishing techniques so you can identify and avoid compromise.

Here are 10 basic security tips to help you avoid malware and protect your device:

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.