Phishing emails and fake security alerts have become one of the most dangerous online threats. Among the most widespread examples is the Coinbase “New Device Registered” scam, which tricks unsuspecting users into thinking their account has been compromised. The scam message looks convincing, using Coinbase branding and urgent wording to pressure recipients into calling fake support numbers. Once contact is made, scammers attempt to gain remote access to the victim’s device and steal personal information, crypto funds, or even demand gift card codes.
If you have received an email warning of a new device login on your Coinbase account, it is crucial to know how this scam works, why it is effective, and what to do if you have already interacted with the fraudsters. This article provides a detailed breakdown of the scam, how it operates, and practical steps to stay safe.
Scam Overview
The Coinbase “New Device Registered” scam is part of a broader wave of phishing and tech support frauds. It preys on the fear of unauthorized access to valuable financial accounts, such as those linked to cryptocurrency. The fraudulent message typically mimics Coinbase’s branding, subject lines, and language style to make it appear authentic.
The scam email often carries subject lines like:
“New Login Detected – Spain (Madrid)”
“Coinbase Security Alert: Unrecognized Device”
“Your Account May Be Compromised”
Inside the message, the structure is simple but effective. It warns the user that a new device has signed in to their Coinbase account from an unusual location. In most cases, the location is set to a foreign country, such as Madrid, Spain, to trigger alarm. The message goes on to list details like:
Location of the suspicious login
Browser used (e.g., Safari, Chrome, Firefox)
Device type (MacOS, Windows, iPhone, Android)
At the bottom, the email urges the recipient to call a customer support number immediately if they did not authorize the login. This is the key to the scam. The phone number does not lead to Coinbase support. Instead, it connects directly to scam call centers posing as Coinbase security representatives.
Why the Scam Looks Convincing
Several elements make this scam particularly dangerous:
Use of Fear and Urgency By claiming someone has logged in from another country, the scammers create panic. Users are more likely to act impulsively to “secure” their accounts.
Professional Design The email often mimics Coinbase’s logos, fonts, and formatting. To an untrained eye, it looks legitimate.
Technical Details The inclusion of specific details like browser and operating system makes the message feel personalized and authentic.
Direct Call-to-Action Instead of asking users to click on a suspicious link (a common phishing tactic), the scammers direct them to a phone number. This adds a false sense of legitimacy, since many users trust phone calls more than links.
The Role of Fake Support Numbers
The most dangerous part of this scam is the phone number provided. When victims call, they are greeted by professional-sounding “support agents” who use scripts to gain trust. These agents often claim:
Your Coinbase account is under attack.
Hackers have gained remote access to your funds.
Immediate action is required to secure your assets.
From here, the fraud escalates. The scammers push victims to download remote access tools like Anydesk, TeamViewer, or LogMeIn, claiming they need to “secure” the account. Once connected, they can monitor activity, steal sensitive information, and manipulate crypto wallets.
Potential Consequences for Victims
Falling for the Coinbase “New Device Registered” scam can result in:
Stolen cryptocurrency from wallets or exchanges.
Loss of banking information, if scammers gain access to online banking.
Identity theft, by harvesting personal documents, passwords, and emails.
Gift card scams, where victims are instructed to buy gift cards and provide codes.
The scam is highly dangerous because it combines phishing, tech support fraud, and social engineering into one.
How the Scam Works
To understand the full danger of the Coinbase “New Device Registered” scam, it is important to break down the process step by step. Scammers follow a deliberate path designed to confuse, frighten, and ultimately rob their targets.
Step 1: The Fake Security Email or texts
The scam begins with a fraudulent email or text. The subject line typically references a suspicious login to the victim’s Coinbase account. The message is crafted to resemble an official Coinbase security alert.
Example details include:
Location: Madrid, Spain (or other foreign location)
Browser: Safari or Chrome
Device: MacOS, Windows, iPhone
This information is fake but is chosen carefully to sound realistic.
Example:
Subject: New Login Detected – Spain (Madrid)
coinbase
New Device Registered
A sign in to your Coinbase account was detected from an unusual location that does not match your typical usage pattern.
Location: Madrid, Madrid, Spain
Browser: Safari
Device: MacOS
If this wasn’t you, contact our Support team right away.
Customer Support Line +1 (888) 419 3004
Step 2: Emotional Manipulation
The recipient, upon reading the message, is made to feel panic. Cryptocurrency accounts often hold significant funds, and the fear of unauthorized access drives immediate action. Scammers exploit this emotional response.
Step 3: Urgent Call-to-Action
The email provides a customer support line and urges the victim to call if they did not authorize the login. Unlike typical phishing that relies on malicious links, this scam uses voice phishing (vishing). This tactic is harder to detect because many users believe calling a phone number is safer than clicking on a link.
Step 4: Fake Support Agents
When the victim calls, they are connected to scam call centers. These scammers are trained to sound professional, polite, and authoritative. They often introduce themselves as “Coinbase Security Specialist” or “Coinbase Account Protection Team.”
The scammer will:
Confirm the victim’s name and email (information often guessed or extracted from the call).
Reassure them that the problem can be fixed.
Claim hackers are actively trying to steal their funds.
Step 5: Remote Access Setup
The scammer tells the victim that Coinbase requires remote assistance to secure the account. They instruct the victim to install remote desktop applications like:
Anydesk
TeamViewer
LogMeIn
Zoho Assist
These tools allow scammers full access to the victim’s device. They can then navigate files, log into wallets, and even monitor keystrokes.
Step 6: Fake Security Procedures
Once connected, the scammer pretends to perform a security check. They may:
Open the Coinbase website and simulate activity.
Create a fake “secure wallet” where they urge the victim to transfer their crypto.
Display fake error messages that suggest the account is compromised.
In reality, all these steps are designed to move funds into scam-controlled accounts.
Step 7: Demands for Gift Cards
If the victim resists giving up crypto access, the scammer may pivot. They claim a temporary security fee must be paid to protect the account. They instruct the victim to purchase gift cards (Google Play, Amazon, Apple) and provide the codes. These gift cards are then resold or used by the scammers.
Step 8: Extraction of Personal Data
Beyond cryptocurrency theft, scammers also harvest personal information, including:
Bank login credentials.
Email account details.
Passwords stored on the device.
Private crypto wallet seed phrases.
This information allows them to commit identity theft, access other accounts, and launch future scams.
Step 9: Continued Harassment
Victims who comply may find scammers continue to call, email, or message them, demanding further payments. In some cases, victims are blackmailed with threats of account closure or stolen data exposure.
Step 10: Victim Realizes the Fraud
Often, the scam is only recognized once funds are stolen or the victim attempts to verify the incident with Coinbase directly. Unfortunately, at this stage, recovering lost assets is extremely difficult.
What to Do if You Have Fallen Victim to the Scam
If you have already interacted with the Coinbase “New Device Registered” scam, immediate action is required. Here is a step-by-step guide to minimize damage:
1. Disconnect Remote Access Software
If you installed Anydesk, TeamViewer, or similar software, disconnect immediately. Uninstall the program from your device and restart your computer.
2. Secure Your Coinbase Account
Change your Coinbase password immediately.
Enable two-factor authentication (2FA) if not already active.
Review recent account activity and revoke any suspicious sessions.
3. Report to Coinbase
Log in to Coinbase only through the official website or mobile app. Contact Coinbase Support through their official help center, not through any phone numbers received via email.
4. Scan Your Device
Run a full system antivirus and anti-malware scan. Scammers may have installed malicious software to continue spying on your activities.
5. Change All Passwords
Update passwords for:
Email accounts
Banking accounts
Any platform linked to your Coinbase account
Use unique, strong passwords for each account.
6. Check for Financial Loss
Review your crypto wallets for unauthorized transfers.
Check your bank and credit card statements.
Monitor for unfamiliar charges or withdrawals.
7. Contact Your Bank
If you provided banking details, notify your financial institution immediately. Request to freeze or monitor accounts for suspicious activity.
8. Report the Scam
File a report with your local law enforcement.
Report the fraud to the Federal Trade Commission (FTC) if you are in the U.S.
If scammers accessed personal information, consider placing a fraud alert on your credit file and monitoring for identity theft.
10. Educate Yourself for the Future
Review common scam tactics and learn how to verify communications. Remember: Coinbase does not provide support via phone numbers in unsolicited emails.
Is Your Device Infected? Scan for Malware
If your computer or phone is slow, showing unwanted pop-ups, or acting strangely, malware could be the cause. Running a scan with Malwarebytes Anti-Malware Free is one of the most reliable ways to detect and remove harmful software. The free version can identify and clean common infections such as adware, browser hijackers, trojans, and other unwanted programs.
Malwarebytes works on Windows, Mac, and Android devices. Choose your operating system below and follow the steps to scan your device and remove any malware that might be slowing it down.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes
Download the latest version of Malwarebytes for Windows using the official link below. Malwarebytes will scan your computer and remove adware, browser hijackers, and other malicious software for free.
(The above link will open a new page from where you can download Malwarebytes)
Install Malwarebytes
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Once the scan completes, remove all detected threats. Your Windows computer should now be clean and running smoothly again, free of trojans, adware, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
After scanning, delete any detected threats. Your Mac should now be free from adware, unwanted extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
When the scan is finished, remove all detected threats. Your Android phone should now be free of malicious apps, adware, and unwanted browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
After cleaning your device, it’s important to protect it from future infections and annoying pop-ups. We recommend installing an ad blocker such as AdGuard. AdGuard blocks malicious ads, prevents phishing attempts, and stops dangerous redirects, helping you stay safe while browsing online.
The Bottom Line
The Coinbase “New Device Registered” scam is a dangerous form of phishing and tech support fraud. It manipulates users into believing their account is compromised, then directs them to fake support centers where scammers attempt to steal funds, personal data, and even gift card codes.
Understanding how the scam works is the best defense. If you receive a suspicious email, never call the number provided or download remote access tools. Instead, verify directly with Coinbase through official channels.
Crypto accounts hold valuable assets, and scammers know how to exploit fear to get what they want. Stay vigilant, stay informed, and always double-check before acting on urgent security messages.
Frequently Asked Questions About the Coinbase “New Device Registered” Scam
What is the Coinbase “New Device Registered” scam?
The Coinbase “New Device Registered” scam is a phishing and tech support scam where fraudsters send fake security alerts that appear to come from Coinbase. The email claims that a new device has logged into your account from an unusual location, such as Madrid, Spain. It lists details like the browser and operating system used, making the alert look convincing.
The message then urges you to call a customer support number. However, the number connects to fake tech support centers run by scammers. These fake agents attempt to gain remote access to your computer or mobile device, steal cryptocurrency from your wallets, harvest banking information, or trick you into buying gift cards and sharing the codes.
How can I recognize the Coinbase “New Device Registered” scam email?
Several red flags can help you spot this scam:
Suspicious sender email address – Often the sender is not from an official Coinbase domain but from random addresses like @hugtaproom.jp.
Urgent warnings – The email pressures you with claims that someone logged into your account from a foreign location.
Phone number provided – Coinbase does not use unsolicited phone numbers in emails. If you see one, it is a scam.
Generic greetings – Instead of addressing you by your registered name, the email may start with “Dear Customer” or no greeting at all.
Poor grammar or formatting – Many of these scams contain minor mistakes in wording or layout.
Does Coinbase send emails about new device logins?
Yes, Coinbase does send security alerts when a new device or location accesses your account. However, legitimate emails:
Come from an official Coinbase domain (such as @coinbase.com).
Do not include phone numbers to call for support.
Direct you to the official Coinbase app or website to review account activity.
If you are unsure, log in to Coinbase directly using the app or by typing www.coinbase.com into your browser. Never click links or call numbers in suspicious emails.
What happens if I call the number in the scam email?
If you call the number, you will reach scammers posing as Coinbase support agents. They will:
Pretend your account is under attack.
Convince you to download remote access software like Anydesk or TeamViewer.
Request your login details, recovery phrases, or banking information.
In some cases, ask you to transfer funds to a “secure wallet” that they control.
Demand that you purchase gift cards and share the codes as a “security measure.”
Calling the number can quickly lead to stolen funds and identity theft.
What should I do if I already gave scammers remote access?
If you installed remote access software and allowed scammers to connect to your device, take these steps immediately:
Disconnect from the internet and turn off your device.
Uninstall any remote access applications you were instructed to install.
Run a full antivirus and anti-malware scan to detect and remove hidden software.
Change your Coinbase password and enable two-factor authentication (2FA).
Update your email, bank, and crypto wallet passwords to prevent further misuse.
Contact your bank and credit card provider to alert them of possible fraud.
Report the scam to Coinbase, the Federal Trade Commission (FTC), and your local authorities.
Can scammers steal my cryptocurrency without my seed phrase?
Yes. Even without your seed phrase, scammers can steal your cryptocurrency if they:
Gain remote access to your device and log in to your exchange account.
Trick you into transferring funds to a fake “secure wallet.”
Obtain your login details or intercept your two-factor authentication codes.
Your seed phrase is the master key to your wallet, but other forms of access (such as your exchange login) are also valuable to scammers.
What if I already sent gift card codes to the scammers?
Unfortunately, once you provide gift card codes, they are usually redeemed instantly and cannot be recovered. You should:
Keep records of the transaction, including receipts and communications.
Report the fraud to the gift card issuer (Google Play, Amazon, Apple, etc.) to see if the balance is unused and can be frozen.
File a police report and report the scam to the FTC or your local cybercrime authority.
How can I protect myself from the Coinbase “New Device Registered” scam?
Here are key prevention steps:
Never call phone numbers listed in unsolicited emails.
Verify all Coinbase alerts by logging into the app or official website.
Use two-factor authentication (2FA) on your Coinbase account.
Install reputable antivirus and anti-phishing protection on your devices.
Educate yourself about common crypto scams, including phishing, tech support scams, and recovery scams.
Will Coinbase ever ask me to install remote access software?
No. Coinbase will never:
Ask you to install remote access programs.
Request your seed phrase through email or phone.
Ask you to transfer funds to a different wallet for “security reasons.”
Demand payment in the form of gift cards.
If anyone claiming to be from Coinbase asks you to do these things, it is a scam.
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
