In 2017, there was an 86% increase in losses from tech support scams from 2016. These criminals are persistent. They post phone numbers on message boards and purchase ads to boost the phone number’s place in search results. They may call you directly. They will pressure you to act quickly.
You as a user play an integral role in protecting your account. The security of your devices, passwords and two factor authentication codes is your responsibility. It’s extremely important that you take measures to keep your information safe.
Here are examples of specific Coinbase phone support scam approaches that we have observed that we want our customers to be aware of. In this scam, cybercriminals pretend to be from Coinbase Support.
TIP 1: If you are trying to reach Coinbase Support, the only Coinbase phone number is 1 (888) 908–7930. Any other phone number you find online is a scam.
These scammers are trying to steal your digital currency. And unlike fiat currency, digital currency transactions are irrevocable, and the blockchain does not contain enough information to identify an owner’s address.
If you dial into a number posted online that a scammer owns, the scammers may ask for your password or two factor authentication codes, and they may direct you to download software or go to a website so they can remotely access your computer.
TIP 2: Refuse when someone asks for remote access to your computer.
Coinbase Support will never ask to remotely access your computer, nor will we ask for your private information like your password or two factor authentication codes.
Once a cybercriminal has remote access to your computer, they can transfer digital currency out of your Coinbase account or other wallets, access your online bank accounts, and any other information you’ve stored on your computer.
TIP 3: All support communications with Coinbase must be initiated by you. Coinbase does not make outgoing calls.
Coinbase phone support does not make outgoing calls. Scammers may spoof the caller ID of Coinbase’s real support phone number and call you directly with what appears to be our number. If someone calls you claiming to be from Coinbase Support, even if it’s from our legitimate number, they are spoofing the phone number and are trying to scam you.
It is unfortunately common that a fraudster claiming to be from Coinbase would know some of your information, but this is not evidence that he or she represents us. Cybercriminals share information online, and yours may have been part of a data breach unrelated to Coinbase. You can check on haveibeenpwned.com to see if your email was leaked as part of a prior data breach. If your email has been compromised, we strongly suggest that you change the email address on your Coinbase account to a new email address.
TIP 4: Never give out private information like your password or 2FA codes to anyone. This information can be used to steal your digital currency.
This type of information includes your Coinbase or email password, TOTP secret seed, two factor authentication code received via text, and API keys. You should not share this information with anyone, and especially not with someone claiming to be from Support.
If you have been a victim of a phone support scam:
- Report the theft to Coinbase Support and to the FBI Internet Crime Complaint Center
- Run a malware scan on your computer. Consider consulting a security expert to ensure the security of your devices
- Change the password of your Coinbase account, and any other online account that shares this password. TIP: Use a password manager to help you manage unique passwords across all sites.
- If your email has been compromised, change the email associated with your Coinbase account.
- Add time-based one time password (TOTP) — such as Google Authenticator — as your 2FA method to both your Coinbase and email accounts. Phone numbers can be ported and stolen.
- Do not call any phone number you find online claiming to be Coinbase Support that is different from the one on our website. These are cyber-criminals trying to steal your digital currency. An easy way of doing this is to bookmark our website and use that website to find the number.
- Do not allow remote access to your computer from someone claiming to be from Coinbase Support. Coinbase Support will never ask to remotely take over your computer.
- Do not discuss details of your account with anyone who reaches out to you unsolicited, claiming to be from Coinbase Support. This is a scammer!
- Do not share or tell anyone your passwords, two factor authentication codes, or TOTP secret seed.
Avoiding Phone Scams was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.