It has been a few months since I published anything on this blog. I did receive quite a few phishing attempts since my last post - mainly related to Coinbase. In the moment, I was excited to be on the receiving end of this phishing attempt as it was straight out of a news article I read earlier last year (LINK). I literally stood up at work and was telling my co-worker in real time as it was occurring.
Essentially, if you use Coinbase or any application - when you engage in some sort of action which could be a withdrawal or something else - the platform you are using will send a confirmation code as part of two factor authentication (2FA) and this is usually sent to your phone as a text as most folks don't have a more secure method setup (such as Google Authenticator or a Yubi Key). In some instances the application will call you. In the article I linked to above, the individual had a Coinbase account and was familiar with the text 2FA and call 2FA for his account. When the call came through, unknowingly, he like many others would be curious and habitually answer the phone call. This is usually just harmless - but the fraudsters were able to configure some ability so that if the call was just answered that they would gain access. Of course, the article I linked to above explores this more in depth.
For the purposes of this post, I initially received multiple texts from the number below - a similar 2FA text for many applications. However, I never initiated this verification and additionally I received the text numerous times. Usually I just ignore these blatantly obvious scams but for some reason I recalled the article I read and was curious if I would receive a phone call.
Low and behold - I received a phone call right after I received the texts from some unknown number. I ignored it. It called again a few second later. I ignored it. The individual or entity attempted to call me multiple times - about 4 or so in a row. After the first two attempts I actually became a bit concerned as the calls didn't stop. I knew in that moment that I was a target and put my do not disturb on my phone and ignored the calls. I am curious what the text above fully entails but due to phishing abilities that are present now I am wary of opening it - so I have just taken a screen shot of it above and have deleted the message.
If you receive any sort of phone call or 2FA text from a number you do not recognize - it is prudent to just ignore them. The biggest emotion these attempts play on is a sense of urgency and playing to your curiosity. For example, "Wait a second, I didn't try to do anything on [X Account], why am I receiving this text/phone call?". Curiosity would then lead an unsuspecting individual to open the text or answer the call. However, that is the last thing you should do.