As cryptocurrency trading gets more popular, our Security team at Coinbase has seen fraudsters become more innovative and relentless in their efforts to steal assets. While this may seem frightening at first, the good news is that you can substantially increase your digital security with only a few simple measures. Not only will this help secure your Coinbase assets, but it can also be applied to the rest of your digital life!
An “account takeover,” or “ATO,” occurs when someone gains access to one of your accounts and uses it to carry out fraudulent activity. But how do these criminals get into your account in the first place? One popular method is the “SIM swap.” In a SIM-swap attack, fraudsters call your cellular carrier claiming to be you and convince the customer service representative to reroute your mobile service to a new device by changing the SIM card number associated with your account (hence the name of the attack). Once they have succeeded, they receive any calls and SMS messages sent to your phone number, including any two-factor authentication codes delivered to you by SMS. Fraudsters then routinely combine those SMS 2FA codes with stolen passwords to try to get into your email account, social media profiles, cloud storage accounts like Dropbox, or financial accounts like Coinbase.
At Coinbase, we work hard behind the scenes to identify and prevent SIM-swap ATOs from targeting our users’ accounts. We also feel that SMS-based two-factor authentication (2FA) is better than none at all. That being said, we advise everyone to take the two easy actions outlined below and apply them to all of their accounts, not just their Coinbase accounts.
Make use of a password manager
Passwords for your accounts should be at least 16 characters long, highly complex, and unique. This is difficult to do on your own, but password managers such as 1Password or Dashlane can help you generate and remember your passwords.
Are you presently using a password that was compromised in a third-party data breach? You can find out if you’ve been pwned by visiting haveibeenpwned.com/Passwords.
Utilize two-factor authentication (2FA)
In addition to strong passwords, use two-factor authentication (2FA) wherever it is available. And, wherever possible, use the strongest form of 2FA that the platform supports, preferably a YubiKey or comparable hardware security key.
- If a service provider does not support YubiKey, use an authenticator app such as Google Authenticator or Duo Security instead of SMS-based 2FA.
- If SMS-based 2FA is the only option, require a one-time 2FA code to be sent to your phone every time you log in; this ensures that someone who has stolen your password cannot access your account with it alone.
- Consider not using a service if it does not provide any of these options.
Stay smart out there
When it comes to securing your accounts, it’s critical not just to play defence with the right security tools, but also to stay vigilant in the wild. Here are some guidelines:
Don’t set yourself up as a target
- Don’t talk about your bitcoin holdings on social media, just as you wouldn’t brag about receiving $50 million.
- Examine your web presence with this simple self-assessment tool.
Don’t fall for tricks
- Hackers posing as tech support, or even criminals posing as Coinbase customer service, may ask for your account details. Coinbase will never ask you for passwords, 2FA codes, PIN numbers, or remote computer access.
- Coinbase will never ask you to create test accounts on other platforms or to provide your ID or financial information through email or social media. We do not offer support chat on Facebook and will never call you.
- If you get an email and are unsure if it is a scam, please contact firstname.lastname@example.org to check its legitimacy. Also, keep in mind that Microsoft, Google, and Apple will never contact you about your machine.
Examine the URL
- Scammers build bogus sites that look like legitimate exchanges but are designed to steal account information. Before you log in to your account or enter any of your credentials, double-check the site URL.
- If we sent you an email with a link, copy it and paste it into a text editor before pasting it into your browser to ensure you know where the link takes you.
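The URL check described above can also be done mechanically. The following is an added example, not Coinbase code: it parses a pasted link the way a browser does and reports the host that would actually be contacted. The trusted domain list, the function name inspectLink and the sample links are assumptions made for illustration.

```javascript
// Added example: judge a link by the host the browser would really contact,
// not by what the link text appears to say.
const TRUSTED_DOMAINS = ["coinbase.com"]; // assumption: domains you intend to log in to

function inspectLink(link, trusted = TRUSTED_DOMAINS) {
  let url;
  try {
    url = new URL(link); // same WHATWG parser browsers use
  } catch {
    return { verdict: "reject", host: null, reasons: ["not a parseable absolute URL"] };
  }
  // The parser lower-cases the host and converts non-ASCII labels to punycode.
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  const reasons = [];
  if (url.protocol !== "https:") reasons.push("not HTTPS");
  if (url.username || url.password)
    reasons.push("text before '@' is login info, not the site");
  if (host.split(".").some((label) => label.startsWith("xn--")))
    reasons.push("punycode label, possible look-alike characters");
  // Trusted only if the host IS the domain or ends with ".<domain>".
  const onTrusted = trusted.some((d) => host === d || host.endsWith("." + d));
  if (!onTrusted) {
    const bait = trusted.find((d) => link.toLowerCase().includes(d.split(".")[0]));
    reasons.push(bait ? `mentions "${bait}" but the real host is ${host}`
                      : "host is not on the trusted list");
  }
  return { verdict: reasons.length ? "reject" : "ok", host, reasons };
}

// Constructed sample links (example.net is a reserved documentation domain).
const samples = [
  "https://www.coinbase.com/signin",
  "https://coinbase.com.account-verify.example.net/signin",
  "https://www.coinbase.com@example.net/signin",
  "https://coinb\u0430se.com/signin", // \u0430 is Cyrillic "a", not Latin
  "http://www.coinbase.com/signin",
];
for (const s of samples) {
  const r = inspectLink(s);
  console.log(r.verdict.padEnd(6), r.host, "|", r.reasons.join("; "));
}
```

Only the first sample passes; each of the others looks like the real site at a glance but resolves to a different host or an unencrypted connection.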
While Coinbase has gone to great lengths to safeguard our environment, it is critical that everyone knows their part in keeping the security chain intact. By following some simple security procedures, you can make sure your crypto remains secure.