Another Day, Another Phish: Coinbase Edition

There's a new phishing scam making the rounds, and it's targeting Coinbase users with a classic fake 2FA code trick. Here's what the text looks like:

“Your code [178-540] is required to connect your new Coinbase device. If this wasn't you, please contact our support +1 (928) 482-9517 right away.”

Looks official, right? It isn’t. This is a textbook example of phishing: an unsolicited 2FA code, paired with a fake "Coinbase support" phone number.

Red Flags to Know:

  • You didn’t request a code — someone else is trying to get into your account.
  • The number provided isn’t Coinbase’s official support line. You’re calling a scammer.
  • It uses panic tactics: “Call us NOW before it’s too late!” (Classic move.)

What You Should Do Instead:

  • Do not call the number.
  • Do not share the code with anyone — not even a fake rep who “just needs to verify.”
  • Forward the message to [email protected].
  • Use an authenticator app (like Google Authenticator or Authy) instead of SMS for two-factor authentication.
  • Report the scam to the FTC here.

  • All of my clients also have the SCAMSNIFFER extension installed on all of their desktop browsers. This alerts users if they do click on a fake email that is crypto oriented and gives them a warning about the destination site. Some emails have not yet been analyzed by Scamsniffer so forward it to me and I will be happy to checit out for you!

Final Thought:

If a random text has you questioning your sanity or your security — take a breath. Then assume it's a scam until proven otherwise.

Because unfortunately, the internet is still full of people who think pretending to be "Coinbase Support" is a good career path.

Stay smart. Stay skeptical.