Crypto Safety // 2FA // Phone Calls // Social Engineering

Adam Parrish
Apr 17, 2018


Ok, so this is a warning to be safe out there. If you are into Crypto and paying attention lately — one of the big influencers out there (Ian Balina) just got jacked for quite a substantial part of his portfolio.

Today I just received a phone call from a person claiming to be Coinbase / GDAX Support. Coincidentally I did have a Support ticket open for a now-resolved issue. There was talk of escalating the ticket, so I fell for the initial hook to continue talking.

They told me they saw some suspicious activity and were trying to help me enable some better security on my account. At this point they asked me to join a TeamViewer and asked me to go to a URL. I knew this was suspicious and paused to ask them if they could provide me my previous case number or tell me what was involved in the screenshots I provided. He became immediately angry and started telling me I was confused and didn’t understand what he was trying to have me do to secure my account. I at this time asked one more time for my case number and then I hung up.

I have now called GDAX and confirmed that it was not them. They NEVER, repeat NEVER, call outbound. You can only call them. They will also NEVER ask you to join a screen share utility.

I’m just glad I didn’t give up any more social engineering value aside from verifying that I am a Coinbase user by answering the phone. I know that’s bad, but I think I am starting to see the validity in using unique email addresses, unique passwords, 2FA (two-factor authentication) and maximum security features for Coinbase and all exchanges.

Be safe out there — there are folks in poor places driven to steal your money with complex schemes that involve teams of people.
