Skip to contentSkip to site index
Coinbase Logo
Sign in
Sign up

Consumer Protection Tuesday: Phishing Attacks Explained

By Coinbase3min read

Tl;dr: Phishing scams are quick, deceptive attacks designed to steal sensitive information like passwords, verification codes, or private keys within minutes. By learning how these scams work and recognizing a few key red flags, you can stop them before any damage is done.


Consumer Protection Tuesday

This post is part of a weekly Tuesday series at Coinbase about the latest consumer protection and security measures for crypto owners.

At Coinbase, we’re on a mission to help update the financial system to make it safer and more secure. While under 1% of blockchain transactions are used for illicit activity, and cash remains the preferred medium for illegal transactions, crypto security is always a top priority. Coinbase maintains a robust compliance program, which includes Know Your Customer (KYC) checks, sanctions screenings, suspicious activity reporting, and strong law enforcement partnerships to detect and prevent illicit activity on our platform.

What Is Phishing?

Phishing is one of the most common online scams. In fact, if you own a phone or have an email address, chances are you’ve been targeted.

A play on the word “fishing”, phishing scams cast a wide net through mass fake messages, use “bait” (urgent alerts, rewards, or warnings), and wait for someone to “bite” by clicking a link or sharing information.

Unlike social engineering scams that play out over the long term for big payouts, phishing scams are a “quick hit” attack in which scammers trick you into sharing sensitive information and are designed to create urgency so you act before thinking.

How Phishing Scams Work

Most phishing attacks follow a straightforward pattern:

1. The Message - You receive a message that looks like it’s from a trusted source, your bank, a crypto platform, or a major tech company.

It may say:

  • “Suspicious login detected”

  • “Verify your account now”

  • “Your account will be locked”

The message creates urgency, pushing you to act immediately. Scammers rely on panic and speed to bypass your judgment.

2. The Trap - You’re prompted to:

  • Click a link

  • Download an attachment

  • Enter login or verification details

The link often leads to a fake website that looks nearly identical to the real one.

3. The Theft - Once you enter your information, scammers can:

  • Access your accounts

  • Bypass security protections

  • Transfer funds, often instantly and irreversibly

The Lesson: Phishing only works if you engage. Slowing down is your strongest defense.

Common Types of Phishing Attacks

Email Phishing

What it looks like: An email that appears legitimate, often using logos and branding from well-known companies.

Red Flags:

  • Misspelled sender addresses

  • Generic greetings (“Dear User”)

  • Links that don’t match official domains

SMS Phishing (Smishing)

What it looks like: A text message warning of account issues or suspicious activity.

Red Flags:

  • Unexpected messages with links

  • Urgent or threatening language

  • Requests for immediate action

Fake Login Pages

What it looks like: A cloned version of a trusted website designed to capture your credentials.

Red Flags:

  • Slightly altered URLs (extra letters, misspellings)

  • Missing security indicators (HTTPS)

  • Pages that don’t behave quite like the real site

A Quick Scenario

You receive an email that appears to be from your crypto platform:

  • It warns of a login attempt from a new device

  • It urges you to “secure your account immediately”

  • You click the link and enter your credentials

Within minutes, your account is accessed and funds are moved.

The Lesson: Even highly convincing messages can be fake. Always verify before taking action.

How to Protect Yourself

Phishing scams are simple, and so are the steps to avoid them:

  • Don’t click unsolicited links in emails or texts

  • Go directly to official websites by typing the URL yourself

  • Enable multi-factor authentication (MFA) on all accounts

  • Check URLs carefully before entering any information

  • Keep your devices and apps updated

Talk to someone you trust before taking action if something feels urgent or unusual.

Final Takeaway: Stay Calm, Stay Secure

Phishing scams rely on urgency and quick decisions. Taking a moment to verify a message or link can make the difference between staying secure and losing access to your assets.

Education is one of the most effective tools we have. Share these tips with friends and family, because the more people who recognize phishing attempts, the less effective they become.

Recent stories

Disclaimers: Derivatives trading through the Coinbase Advanced platform is offered to eligible EEA customers by Coinbase Financial Services Europe Ltd. (CySEC License 374/19). In order to access derivatives, customers will need to pass through our standard assessment checks to determine their eligibility and suitability for this product.