Security News > 2021 > October > How a phishing attack thwarted MFA to steal money from Coinbase customers
That lesson was hammered home through a recent phishing attack that stole money from Coinbase customers.
The attackers were able to move funds from Coinbase to their own accounts, thus stealing a vast amount of money in the form of cryptocurrency.
Impersonating Coinbase, one of the the phishing messages told the user that someone else may have had access to their account, thus prompting Coinbase to lock it.
After gaining access to the victim's inbox and Coinbase account, the attackers in some cases used that information to impersonate the user, get an SMS-based two-factor authentication code and access the person's Coinbase account.
Though the attack worked by tricking users with a phishing message, Coinbase bears a core level of responsibility.
In its post, Coinbase admitted to a flaw in its SMS account recovery process, a flaw that the attackers were able to exploit to gain access to certain accounts.
News URL
Related news
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- How to Prevent Phishing Attacks with Multi-Factor Authentication (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)