A close call with a Coinbase scam highlights the growing sophistication of online fraud, amplified by AI, and underscores the critical need for user vigilance.
The incident began innocuously enough: a call on a Tuesday afternoon from an unfamiliar number with a San Francisco area code. Recognizing the area as a hub for technological innovation and the location of one of CNBC’s bureaus, the decision to answer was made, a rarity in today’s digital age.
The caller identified himself as Brian Miller from the Coinbase security office. He immediately raised alarm bells, stating there was “suspicious activity” on the account and inquiring about a login attempt from Frankfurt, Germany, using an iPhone. The response was a firm denial; a two-decade absence from Germany and no prior use of a mobile device for Coinbase logins.
Miller then claimed that an individual with the email address “[email protected]” had accessed the account and initiated a transfer. The narrative quickly escalated. Miller described a situation where the purported hacker, claiming to have lost a phone at Frankfurt Airport, was attempting another transfer. He stated that the individual possessed the target’s Social Security number, phone number, and email address, and even presented a photo matching the Coinbase face scan. The caller probed whether any information had been shared recently or if other suspicious activity had been noted. The answer was a definitive no.
Reflecting on the encounter, the classic pressure tactics employed by the scammer became evident. The aim was to create a sense of impending danger, compelling a hasty decision rather than a rational one. As Professor Rick Wash of the University of Wisconsin, a computer scientist who has researched electronic breaches for two decades, noted, “The human factor was often the most critical factor of computer scams.”
Suspicion solidified when Miller mentioned the existence of a photo. The assertion that such a photo was a requirement for account creation due to “know-your-customer” regulations, even if not consciously remembered by the user, raised a significant red flag. The repeated claim that a transfer was being actively blocked added to the manufactured urgency.
When requested to send an email for verification, Miller stated one had already been sent with a case number. The subsequent offer to send another with a new number, coupled with the advice to check spam folders due to a potential email address change by the hacker, signaled a deeper level of manipulation. While emails did arrive in the spam folder, bearing case numbers matching those given verbally and appearing to originate from Coinbase with logos and formatted text, a closer examination revealed discrepancies. The sender addresses, “[email protected] via sportuel.com” and “[email protected] via live-coinbase.com,” were not the standard Coinbase domains.
A critical question about the last Coinbase transaction—a purchase of a cryptocurrency called “Monad” after hearing about it on a CNBC program—and a probing inquiry about total assets, met with a hesitant response of “Shouldn’t you know that?” from the intended victim, further fueled growing doubt. The scammer’s subsequent pitch for a “Coinbase Hard Wallet” and an offer to assist with its setup, alongside a surprising recommendation against changing the Coinbase password due to a potential two-week account freeze, solidified the realization that this was an elaborate deception. The promise of a callback at 3 p.m. provided an opportune moment to disengage.
Upon hanging up, the instinct that something was amiss was strong, despite some details aligning. A check of the Coinbase account revealed no immediate irregularities. However, when the email addresses provided by the caller were submitted to Anthropic’s AI chatbot, Claude, the response was unequivocal: “This is almost certainly a PHISHING scam.” The AI pinpointed several red flags, including the use of incorrect domains and the routing of emails through third-party services, typical tactics in phishing operations.
A call to a former contact in Coinbase’s public relations department confirmed the suspicion, with the former colleague advising that Coinbase typically does not initiate such calls. This contact then alerted the current Coinbase team, who swiftly confirmed the scam and provided details on prevention measures. A spokesperson for Coinbase elaborated that the company invests heavily in prevention, detection, and rapid response mechanisms, including monitoring for unusual transaction patterns. Crucially, they stated that Coinbase would never instruct a customer to transfer funds to a “safe wallet,” emphasizing that any such directive is a scam.
Coinbase also acknowledged the significant role AI plays in modern scams. The company noted that attackers leverage AI automation for tasks such as creating more convincing voice agents for automated calls, thereby increasing the believability of fraudulent schemes. This aligns with findings from ZeroShadow, a firm dedicated to recovering stolen crypto assets, which reported a 1,400% surge in “impersonation scams” over the past year. ZeroShadow’s CEO, Casey G., noted that these scams often originate both domestically and internationally, with perpetrators sometimes recruiting and training younger individuals, providing them with scripts and voice modulation tools. While ZeroShadow has recovered substantial amounts for victims, Casey G. highlighted the challenges in tracing and retrieving stolen crypto, often requiring collaboration with local authorities.
The core of the scam’s success lay in the creation of urgency. By simulating an ongoing security breach, the scammer aimed to bypass rational thought and trigger an immediate, often reactive, response. Anti-scam experts emphasize that this tactic is becoming increasingly sophisticated, fueled by the dark web’s trade in successful scam scripts. Coinbase’s advice remains consistent: “slow down, take a beat, verify things independently and don’t act under pressure.” In an era where digital threats are constantly evolving, a healthy dose of skepticism and independent verification are indispensable defenses.
Original article, Author: Tobias. If you wish to reprint this article, please indicate the source:https://aicnbc.com/16346.html
