At Coinbase, being the most trusted crypto exchange means we are deeply committed to our customers’ safety. Even though we work tirelessly to protect our customers, scammers use many tactics to socially engineer crypto users into giving up their personal account information.
Please know that Coinbase will NEVER contact you asking for your seed phrases, passwords, 2-step verification codes, remote access to your device, or ask to transfer your funds into a new wallet for security reasons.
If you’re ever asked for this information, it's not from Coinbase.
Coinbase will NEVER ask you to call our team.
Anyone who asks you to call Coinbase and verify your information and/or move assets into a new wallet is a scammer.
The rapidly growing cryptoeconomy has also led to a growth in cybercriminals regularly targeting owners of digital assets. “Spoofed” or “Scam” emails are on the rise.
Cybercriminals use spoofed emails pretending to be from Coinbase support as a primary way to target customers. To keep your account safe always follow the steps below to identify if you are a target of a scam.
How to identify scams
The following images call out the differences between a legit email from Coinbase, and a phishing scam email.
Actual Coinbase Email:
Phishing Scam Email:
Official emails from Coinbase will end with either “@coinbase.com” or ".coinbase.com"
If you are suspicious of an email pretending to be Coinbase, please forward us the full email message you received, including the full email headers to: [email protected]
Report the phishing email to Coinbase.
If you’ve received an email that you think is pretending to be Coinbase, please forward us the full email message you received including the full email headers showing who sent the email to you.
To collect email headers, please reference your email provider’s support documents or review this webpage: https://mxtoolbox.com/public/content/emailheaders/ to find instructions related to your specific email client. Without headers, we cannot complete a full investigation.
MxToolbox is not a Coinbase service. If you use MxToolbox you'll be subject to the applicable terms and conditions of use for these products, including a separate privacy policy, which may differ from Coinbase's privacy policy. You should read and understand all applicable terms for MxToolbox before using them.
For Gmail users:
Open the message you’d like to view headers for.
Click the down arrow next to Reply, at the top-right of the message pane.
Select Show original.
The full headers will appear in a new window, simply right-click inside the headers and choose Select All, then right-click again and choose Copy.
Close the Header Message Source box.
You should now be looking at the original email window.
Please send a screenshot of the email’s headers and message to: [email protected].
For Yahoo users:
Go to Options > General Preferences
Under Mail Viewing Preferences, go to Message Headers, then select ALL.
Hit the small down arrow next to Forward and choose As Inline Text.
Please forward email’s headers and message to: [email protected]
How to protect yourself from email phishing and scams
To help protect your information from phishing attempts:
Never give support staff remote access to your computer. This effectively gives a scammer full access to your computer, online financial accounts, and digital life.
Never give out your 2-step verification codes or passwords.
Coinbase will NEVER tell you to call and verify your personal information for security reasons. Scammers can spoof legitimate phone numbers when conducting outbound calls and will pretend to be support agents. Our agents do not reach out and ask you to verify your personal information.
Only contact Coinbase through the phone number or email listed on our Contact us page. Scammers set up fake support pages with different phone numbers and emails.
Never send cryptocurrency to external addresses on behalf of alleged support agents. Coinbase staff will never ask you to send cryptocurrency to external addresses
We strongly recommend updating the email address associated with your Coinbase account to one used exclusively for this account. Emails are a common data point threat actors use to gather your information and net worth data. Changing your email to a designated email used only for your Coinbase account breaks this chain of data connection.
If you have already mistakenly clicked on the phishing link sent to you - you can take immediate action to lock your Coinbase account and prevent any malicious activity.
Official emails from Coinbase will end with either “@coinbase.com” or ".coinbase.com"
If you are suspicious of an email pretending to be Coinbase, please forward us the full email message you received, including the full email headers to: [email protected]
Additional Information
For the list of verified Coinbase email addresses: https://help.coinbase.com/en/coinbase/privacy-and-security/other/is-this-email-really-from-coinbase
For more information regarding phishing attacks: https://www.coinbase.com/security/phishing-attacks
List of Official Coinbase accounts on Social Media:https://help.coinbase.com/en/coinbase/other-topics/other/is-coinbase-present-on-social-media
Hang up the phone - Stop Social Engineering Scams:https://www.coinbase.com/blog/hang-up-the-phone-stop-social-engineering-scams
TL;DR: Coinbase is partnering with Shopify to bring the future of commerce onchain. Beginning in June, consumers can pay with USDC on Base through Shopify Payments, bringing onchain payments to millions of storefronts.
