Topic: Beware: Coinbase Phishing scam "Review Our New User Agreement" (Read 3703 times)

hero member
Activity: 854
Merit: 1000
I know this is an old thread but just wanted to point out that the Phishers are at it again......

Just received a boat load of fake emails pretending to be coinbase.  Be Aware!
member
Activity: 119
Merit: 100
Bah, I didn't catch that it was a phishing attempt until after I'd logged in with my password. Changed the password immediately.

I didn't notice it was a bad link until it said the page was not available. Then I looked closer at the link and it was a coinbase link with some sort of url redirect:

h ttps://www.coinbase.com/sessions/oauth_signin?client_id=ef7477ce7e238f083b59f8ff58a0974f086fa18fce609ad6499935889f5a763e&redirect_uri=https://coinbasevaultcom.serversicuro.it/&response_type=code

Though I don't think it actually redirected.
------
On 08/11/2014 with the introduction of our new Multisig Vault our User Agreement has changed. Please click the link below to accept our new User Agreement:

Accept Our New User Agreement

In order to continue using our services you need to agree with the new agreement.

Kind regards,
The Coinbase Team
-------

You can't just change your password immediately. You need to remove all 3rd party API access in coinbase now. This is a huge flaw in coinbase: http://www.reddit.com/r/Bitcoin/comments/2lt76n/warning_coinbase_oauth_phishing_attack_allows/
This is true for most sites that allow API access as all that you need to access the site is the API key associated with your account. It is an overall security risk for any site that you enable API access to when the API can make any kind of financial decisions for you.
newbie
Activity: 6
Merit: 0
Bah, I didn't catch that it was a phishing attempt until after I'd logged in with my password. Changed the password immediately.

I didn't notice it was a bad link until it said the page was not available. Then I looked closer at the link and it was a coinbase link with some sort of url redirect:

h ttps://www.coinbase.com/sessions/oauth_signin?client_id=ef7477ce7e238f083b59f8ff58a0974f086fa18fce609ad6499935889f5a763e&redirect_uri=https://coinbasevaultcom.serversicuro.it/&response_type=code

Though I don't think it actually redirected.
------
On 08/11/2014 with the introduction of our new Multisig Vault our User Agreement has changed. Please click the link below to accept our new User Agreement:

Accept Our New User Agreement

In order to continue using our services you need to agree with the new agreement.

Kind regards,
The Coinbase Team
-------

You can't just change your password immediately. You need to remove all 3rd party API access in coinbase now. This is a huge flaw in coinbase: http://www.reddit.com/r/Bitcoin/comments/2lt76n/warning_coinbase_oauth_phishing_attack_allows/
member
Activity: 119
Merit: 100
EDIT: Oh, it didn't redirect?

I don't believe so, but I'm not trying the link again to find out.
If you have access/the ability to run a VM, I would suggest visiting the URL from a VM to see what happens and to investigate for sure if it is actually a coinbase page or not when you load the URL.

Also I would suggest editing your post so it is more obvious that the link is a potential phishing link.
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
Did you receive an email with this link in it, or was it on a Google search?

An e-mail. Which is more disturbing considering they knew my e-mail address. Though I use that address for many things.
They probably found your email address from some database of email addresses that are associated with bitcoin and sent emails to them all.

Another possibility is that they attempted to sign up with many email addresses and sent emails to accounts that they received an error message saying that an account already exists with that email.

Probably from one of the many hacked sites...Bitcoinica, Mt Gox, and others.

I had 2 factor authentication set up anyway so they could not access my account either way.
full member
Activity: 155
Merit: 100
Did you receive an email with this link in it, or was it on a Google search?

An e-mail. Which is more disturbing considering they knew my e-mail address. Though I use that address for many things.
They probably found your email address from some database of email addresses that are associated with bitcoin and sent emails to them all.

Another possibility is that they attempted to sign up with many email addresses and sent emails to accounts that they received an error message saying that an account already exists with that email.
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
Did you receive an email with this link in it, or was it on a Google search?

An e-mail. Which is more disturbing considering they knew my e-mail address. Though I use that address for many things.
newbie
Activity: 3
Merit: 0
Did you receive an email with this link in it, or was it on a Google search?
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
EDIT: Oh, it didn't redirect?

I don't believe so, but I'm not trying the link again to find out.
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
Wow...this is a serious flaw in coinbase, it allows an attacker to arbitrarily redirect people by disguising the link (and actually using coinbase itself).

EDIT: Oh, it didn't redirect?
sr. member
Activity: 378
Merit: 250
Thanks for sharing Elwar.
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
Bah, I didn't catch that it was a phishing attempt until after I'd logged in with my password. Changed the password immediately.

I didn't notice it was a bad link until it said the page was not available. Then I looked closer at the link and it was a coinbase link with some sort of url redirect:

h ttps://www.coinbase.com/sessions/oauth_signin?client_id=ef7477ce7e238f083b59f8ff58a0974f086fa18fce609ad6499935889f5a763e&redirect_uri=https://coinbasevaultcom.serversicuro.it/&response_type=code

Though I don't think it actually redirected.
------
On 08/11/2014 with the introduction of our new Multisig Vault our User Agreement has changed. Please click the link below to accept our new User Agreement:

Accept Our New User Agreement

In order to continue using our services you need to agree with the new agreement.

Kind regards,
The Coinbase Team
-------
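
Added example (not part of any post in this thread): a Python check a mail filter could run on links in a message that claims to come from Coinbase. It flags the pattern in the link quoted above, a genuine coinbase.com OAuth sign-in URL whose redirect_uri hands the grant to another host. BRAND, BRAND_DOMAIN, the finding labels and the two extra sample links are assumptions made for the example.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions for this example: the brand being impersonated and its real domain.
BRAND = "coinbase"
BRAND_DOMAIN = "coinbase.com"

def on_brand_domain(host):
    """True only for the brand domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def check_link(url):
    """Return findings for one link from an e-mail that claims to be from the brand."""
    findings = []
    parts = urlsplit(url.replace(" ", ""))  # tolerate "h ttps" style defanging
    query = parse_qs(parts.query)
    if not on_brand_domain(parts.hostname):
        findings.append("link-not-on-brand-domain")
    # client_id + response_type mark an OAuth authorization request: the user is
    # being asked to grant an application access, not to read a notice.
    if "client_id" in query and "response_type" in query:
        findings.append("oauth-grant-request")
        for target in query.get("redirect_uri", []):
            host = (urlsplit(target).hostname or "").lower()
            if not on_brand_domain(host):
                findings.append("grant-goes-to:" + (host or "unparseable"))
                if BRAND in host:
                    findings.append("brand-name-in-foreign-host")
    return findings

# The link as quoted in the thread (still defanged; it is parsed, never fetched).
THREAD_LINK = (
    "h ttps://www.coinbase.com/sessions/oauth_signin"
    "?client_id=ef7477ce7e238f083b59f8ff58a0974f086fa18fce609ad6499935889f5a763e"
    "&redirect_uri=https://coinbasevaultcom.serversicuro.it/&response_type=code"
)
# Constructed samples: a plain on-domain link and a look-alike host.
BENIGN_LINK = "https://www.coinbase.com/legal/user_agreement"
LOOKALIKE_LINK = "https://coinbase.com.example.net/login"

if __name__ == "__main__":
    for link in (THREAD_LINK, BENIGN_LINK, LOOKALIKE_LINK):
        print(check_link(link) or ["no findings"])
```

A clean result only means the link does not match this one pattern; the host check on the outer link alone would have passed the thread's link, which is why the redirect_uri is inspected separately.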