In this video for Help Net Security, Nick Ascoli, VP of Threat Research, PIXM, discusses a multilayered phishing campaign targeting cryptocurrency exchange Coinbase. Attackers are sending out spoofed Coinbase emails to harvest personal credentials and use them to log in to users’ legitimate accounts in real time.
How the Coinbase phishing attack works
The attackers present users with a notification that their account needs attention due to an urgent matter (e.g., a locked account or a transaction confirmation). Users are then prompted to enter their login credentials and a 2-factor authentication code into the fake website.
With the newly obtained personal information, the scammer immediately gains access to users’ legitimate sessions on the Coinbase website.
This attack differs markedly from other phishing attacks tracked by PIXM in that its domains stay alive for extremely short periods of time, and it is centered around three core techniques:
- Short-lived domains
- Context awareness
- 2-factor relay