Classic Phishing Scam Exposed: How to Protect Yourself

Email phishing scams continue to be a serious threat to businesses and individuals alike. Even with advanced protections in place, scammers are constantly finding ways to slip through the cracks. In this blog, we break down a recent phishing email example and provide actionable tips to help you recognize and protect against these crafty scams. Read (or watch) below and protect yourself and your business from these scams.


Breaking Down a Classic Phishing Scam

Recently, we came across a scam email pretending to originate from Coinbase, a popular cryptocurrency exchange. Just as they do with trusted financial institutions like Bank of America or Wells Fargo, scammers rely on the credibility of well-known names to trick victims into providing sensitive information.

Here's what the email claimed:

  • The message was sent by "Jake" from the Fraud and Asset Loss department at Coinbase.
  • It included a "one-time secure access code" for account verification.
  • The email urged immediate action, attempting to catch the recipient off guard.

On the surface, this email might seem legitimate, but digging deeper reveals telltale signs of a phishing scam.

How to Spot the Red Flags in Phishing Emails

Phishing emails often rely on subtle clues that can easily be missed if you aren't vigilant. Here's what we noticed in this particular scam:

  1. Suspicious Email Address
    The sender's address appeared as "help@coinbase" instead of "help@coinbase.com." Legitimate companies will always use official domain addresses. This discrepancy was the first red flag.

  2. Misleading Links
    Hovering over the link in the email (without clicking) showed that the URL pointed to "tinyurl.com," not Coinbase's official website. Always check where a link leads before interacting with it: hover over the link and the destination URL should appear.

  3. Unexpected and Unsolicited Communication
    The email included a "secure access code" that was never requested. Receiving unexpected codes or urgent notifications is a common tactic scammers use to trick recipients into responding hastily.

The Scammer's Goal: What They Were Trying to Achieve

Phishing scams like this are designed to harvest sensitive information, such as usernames, passwords, or account details. Here's how this particular scam was set up:

  1. Fake Web Page
    The link in the email directed users to a counterfeit website designed to look like Coinbase.

  2. Credential Theft
    Once a recipient attempted to log in, the scammers would capture their credentials.

  3. Access to Funds or Data
    With these stolen credentials, the scammers could access the real account and potentially steal funds or sensitive information.

This demonstrates how sophisticated phishing attempts can be and why it's critical to remain vigilant.

Tips to Protect Yourself from Phishing Scams

While phishing scams are increasingly sophisticated, there are clear steps you can take to defend against them. Here's how to stay protected:

  1. Verify the Sender's Information
    Always check the sender's email address carefully. Look for subtle differences, such as missing domain names or slight misspellings that impersonate legitimate businesses.

  2. Inspect Links Before Clicking
    Hover over any link in an email to see the URL destination. If the link doesn't align with the company's official website, don't click it.

  3. Be Wary of Unsolicited Messages
    Legitimate companies won't send sensitive information or access codes without prior contact. If you receive an unexpected message, verify it by contacting the company directly through their official website or phone number.

  4. Delete Suspicious Emails Immediately
    If something feels off, trust your instincts and delete the email. Never reply to, click on, or engage with suspicious messages.

  5. Engage in Cybersecurity Training
    Education is one of the most effective ways to combat phishing scams. Training your team to recognize scams can significantly reduce risk.
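
The sender and link checks described above (the red flags in the sample email, and tips 1 and 2) can also be automated in a mail-triage script. The following Python is an added example, not code from the original post; it runs over a constructed message modelled on the email described earlier, and OFFICIAL_DOMAIN, SHORTENERS and the function names are assumptions of this example.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions of this example: the brand's real domain and a short shortener list.
OFFICIAL_DOMAIN = "coinbase.com"
SHORTENERS = {"tinyurl.com", "bit.ly", "t.co"}
# Constructed sample modelled on the email described above (not the real message).
SAMPLE = """\
From: Jake <help@coinbase>
Subject: Your one-time secure access code
Content-Type: text/html; charset="utf-8"

<p>Your one-time secure access code is 000000. Act immediately.</p>
<a href="https://tinyurl.com/EXAMPLE">https://www.coinbase.com/verify</a>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        self.hrefs += [v for k, v in attrs if tag == "a" and k == "href" and v]

def in_domain(host, domain):
    """True only for the domain itself or a subdomain, not a lookalike."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_flags(raw_email):
    """Return a list of red flags found in the sender address and the links."""
    msg, flags, links = message_from_string(raw_email), [], LinkCollector()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if "." not in sender:
        flags.append(f"sender domain '{sender}' has no top-level domain")
    elif not in_domain(sender, OFFICIAL_DOMAIN):
        flags.append(f"sender domain '{sender}' is not {OFFICIAL_DOMAIN}")
    for part in msg.walk():  # handles single-part and multipart messages
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in links.hrefs:
        host = (urlparse(href).hostname or "").lower()
        if host in SHORTENERS:
            flags.append(f"link goes to URL shortener '{host}'")
        elif not in_domain(host, OFFICIAL_DOMAIN):
            flags.append(f"link host '{host}' is not {OFFICIAL_DOMAIN}")
    return flags
```

In the constructed sample the visible link text shows a coinbase.com address while the underlying href does not, which is why the check reads the href rather than the text.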

Additional Resources: Free Cybersecurity Training

Proactive education is a key defense against phishing and other cyber threats. That's why we offer free, two-hour training sessions—both virtual and in-person—to help you and your team recognize and respond to scams effectively.

Our training sessions cover:

  • Common phishing tactics and how to identify them.
  • Hands-on exercises to reinforce best practices.
  • Strategies to safeguard your organization's sensitive information.
  • And Much More!

For more information or to schedule a session, visit CyberHero Academy.

Phishing scams are a persistent threat, but with the right knowledge and tools, you can protect yourself and your organization. By staying vigilant, verifying emails, and investing in ongoing training, you can significantly reduce your risk of falling victim to these scams. If you have questions about cybersecurity or need assistance with employee training, feel free to reach out.
