A recent viral story shared by TikTok user Steve shows a new level of sophistication in phishing scams.
Gone are the days of poorly written emails filled with grammatical and logical errors. Now, scammers have figured out how to mimic real customer support email addresses – in this case, from Coinbase itself.
Voice Phishing – ‘Vishing’ Latest Scam Tool
The scam follows a consistent pattern. The victim receives an automated voicemail from a U.S. phone number claiming to be Coinbase, warning of suspicious account activity.
Then, the scammer makes a live follow-up call from a supposed Coinbase support team member, stating there has been an unauthorized attempt to change the victim’s email and phone number.
The scam unfolds quite simply—while attempting to ‘stop’ the supposed unauthorized attempt, the scammers gradually build the victim’s trust and collect information.
Eventually, often after multiple calls from different numbers and various ways of ‘confirming’ the scammers were legitimate, the phishing attempt reaches its peak, and the victim is asked for their wallet keyphrase.
TikTok user Steve remained suspicious and recognized that asking for a seed phrase is the one inviolable law of crypto: ‘not your keys, not your crypto.’ Give up that seed phrase, and you no longer control your digital assets.
But the mix of fear and urgency – stop the threat now! – can compel people to reveal information they would never share otherwise.
Phishing Attempts Build Off Leaked Data
Trust is built on information, and during interactions, scammers often refer to key personal data. They used his real name and email address obtained through leaked data to appear legitimate.
Coinbase experienced several significant data breaches in the past, including a major leak of private information in May. The company estimates that social engineering scams cost them over $300 million annually. It also disclosed that personal data from as many as 97,000 users was exposed through bribed or compromised call center staff.
Coinbase branding is also a key part of the scheme, with scammers using websites and emails that closely resemble the real ones. Fraudsters reportedly deceive users through cloned emails, spoofed caller IDs, PBX systems, and even pre-generated seed phrases.
Private Keys, Non-Custodial Wallets Key to Defeating Phishing Scams
In the end, never divulge your key phrase. And along with that, use a non-custodial wallet.
Savvy crypto investors…
Click Here to Read the Full Original Article at NewsBTC…
