Technical support scammers set up fake customer support phone lines and impersonate companies—including Coinbase—or regulatory bodies. They manipulate people into providing personal information that will be used for fraudulent purposes.
To help protect your information:
Never give support staff remote access to your computer. This effectively gives a scammer full access to your computer, online financial accounts, and digital life.
Never give out your 2-step verification codes or passwords.
Never accept calls asking for your confidential personal information. Scammers can spoof legitimate phone numbers when conducting outbound calls.
Only contact Coinbase through the phone number or email listed on our Contact us page.
Never send cryptocurrency to external addresses on behalf of alleged support agents. Coinbase staff will never ask you to send cryptocurrency to external addresses.
Coinbase customer service agents will never:
Ask for your password or 2-step verification code
Ask you to install software on your device
Remotely access your device to take action on your account
Access or move funds held in your account
If you’re asked for any of the above, disconnect the call and email security@coinbase.com immediately.
Note: If you’re disconnected from a customer service call, the agent will call you back within five minutes at the same phone number. Before continuing the conversation, the agent will re-verify your identity with a security question.
Pro tip: If it sounds too good to be true, it probably is.
Phishing
Phishing sites are malicious websites which mimic an authentic site in order to trick visitors into entering their login credentials or other sensitive information. These fraudulent websites are distributed through a variety of methods including email, SMS text messages, social media, and search-engine advertisements.
One of the best ways to avoid phishing sites is to always make sure you're accessing https://www.coinbase.com directly. Phishers will often use URLs like www.c01nbase.com to conduct these scams. Detailed information on phishing can be found in this help article.
Report phishing to your mobile provider
If you use a US-based cell phone carrier like AT&T, Verizon, Sprint, or T-Mobile, you can help reduce phishing attacks by sending the contents of suspicious SMS messages to 7726 (SPAM). This service is free, and allows mobile carriers to detect and block malicious messages on their network.