Threat actors are evading two-factor authentication and deploying other clever strategies in a recently observed phishing campaign targeting Coinbase users. Security researchers have found that attackers are spoofing the cryptocurrency exchange Coinbase to trick users into logging in. After the login, the attackers record the password and username and eventually use the information to drain funds and defraud users of their crypto balances. In the campaign, attackers are using spoofed emails with fraudulent login links, according to researchers from PIXM Software.
The cyberattackers distribute the funds in hundreds of thousands of transactions in order to make the payouts difficult to trace. Coinbase boasts 89 million users, making it an attractive target for cybercriminals. Cyber researchers stated that in some cases, they could not perform desired forensics once they were made aware of the attack. This is due to a technique in which the malicious login pages are only left available on the internet for two hours. Once a few victims are breached and their passwords collected, the malicious group behind the attacks quickly wipes the page from the internet.
Read More: Phishers Swim Around 2FA in Coinbase Account Heists