Reporting phishing sites

Phishing sites are malicious websites which mimic an authentic site in order to trick visitors into entering their login credentials and other sensitive information. One of the best ways to avoid phishing sites is to always make sure you're accessing https://www.coinbase.com directly and not a different web address.

Report phishing emails

If you believe you've encountered a phishing site, please email security@coinbase.com with the full URL. 

If the phish was sent via email, please include full emails headers with your report. Email headers show the network path that an email took to your inbox. Without them, Coinbase cannot complete a full investigation as we have no way of identifying which mail server is involved.

To collect email headers, please reference your email providers support documents or review this webpage: https://mxtoolbox.com/public/content/emailheaders/ to find instructions related to your specific email client.

MxToolbox is not a Coinbase service. If you use MxToolbox you'll be subject to the applicable terms and conditions of use for these products, including a separate privacy policy, which may differ from Coinbase's privacy policy. You should read and understand all applicable terms for MxToolbox before using them.

Report phishing texts to Coinbase

If the phishing message was sent via text message or SMS, please submit a screenshot of the phishing text in a message to security@coinbase.com. You can also reduce the likelihood of receiving messages like this in the future by copying and pasting the contents into a new SMS message and sending it to 7726 (SPAM).

When we receive your report, our security team will investigate your submission and take prompt action to shut down any malicious sites targeting Coinbase customers.

Report phishing to your mobile provider

If you use a US-based cell phone carrier like AT&T, Verizon, Sprint, or T-Mobile, you can help reduce phishing attacks by sending the contents of suspicious SMS messages to 7726 (SPAM). This service is free and allows mobile carriers to detect and block malicious messages on their network.

Thank you for helping keep Coinbase and our customers safe from phishing sites!

Links to third-party websites will open new browser windows. Except where noted, Coinbase accepts no responsibility for content on third-party websites.

Emails from Coinbase will always have the coinbase.com domain name at the end of them.

Examples include, but are not limited to:

  • support@coinbase.com

  • help@coinbase.com

  • contact@coinbase.com

  • no-reply@coinbase.com

  • compliance-kyc@coinbase.com

We also send emails from Coinbase sub-domains.

Examples include, but are not limited to:

  • contact@updates.coinbase.com

  • info@cb.mail.coinbase.com

  • @mail.coinbase.com

Regardless of sub-domain, we cryptographically sign all of our emails using DKIM and protect our domain against unsigned email with DMARC.