Benito Aguilar | Twenty20
Jason Gewirtz is vice president of news at CNBC. Below is his personal experience with scammers.
Last week, my cell phone rang. Around 1:30 p.m., my iPhone ID showed an area code of 650, indicating it was in the San Francisco Bay Area. The caller ID listed an unknown number, but it turned out that the call was from San Francisco.
San Francisco is a global center of innovation and technology and is home to one of CNBC’s major bureaus, so I answered the phone even though I had no idea who was calling. This is something that most people don’t do anymore.
The voice on the other end introduced himself as Brian Miller. coinbase Security room. He immediately told me there was “suspicious activity” on my account and wanted to know if I was trying to log in with an iPhone from Frankfurt, Germany. I told him, “No, I haven’t been to Germany in 20 years and I’ve never used a cell phone to log into my Coinbase account.”
He said that someone with the address “Mohamad25@gmail.com” was on my Coinbase account and tried to send money to me. The man, who identified himself as Miller, said, “I’ve never seen this before. He said he lost his phone on a conveyor belt at the Frankfurt airport and needs access to it.” Miller paused and said, “He’s trying to make another move right now.”
He continued, “We are trying to figure out how he gained access. He has your social security number, phone number, and email address. He also provided us with a photo that matches the Coinbase facial scan. Have you recently given someone access to your information, or have you noticed anything suspicious about your other accounts?”
“No,” I said.
In retrospect, it’s clear to me, too, that this attempted scam was using classic pressure tactics to make me feel like I was in danger. So I would make a quick decision instead of a smart one.
“They’re trying to make you feel like a victim, to scare you, and to ask for help,” Rick Wash, a professor of information science at the University of Wisconsin, said in a phone interview. Wash is a computer scientist who researched the potential for electronic breach two decades ago. He then began to combine his vast technical knowledge with a focus on the personal side of fraud.
“We started to realize that the most important factor in computer fraud is often the human factor,” Wash said.
Something always seemed out of place, but my suspicions increased when Miller mentioned my photo.
“I never gave Coinbase any photos,” I told him.
He said, “To get an account, you had to get an account. You might not remember getting an account, but the Know Your Customer rules forced you to get an account.” Then Miller told me, “He’s trying to make another transfer, but he can’t because I’m holding it up.”
I asked him to send me an email so I knew it was indeed Coinbase calling. He said, “I sent you the case number about 10 seconds ago. You should have it.” He then asked if I had anything to write and read out a six digit number. I told him I didn’t get the email.
“Let me send you another one,” he said. “This will have a new case number.”
He read out the second number and said, “Wait for the email. He’s trying to change your email address, so you might not get it in your inbox. Please check your spam.”
Both messages were in a spam folder from what appeared to be a Coinbase email.
The message included the same verification code he gave me over the phone. There were no typos, just a text box with the Coinbase logo and all the important information. The email address appeared to be from Coinbase, but I thought it was odd that Miller’s name wasn’t there. Then I noticed another sign that something was wrong. The two emails were sent from slightly different addresses. One said “no-reply@mail-coinbase.com via sportuel.com” and another said “support@info.coinbase via live-coinbase.com.”
He asked, “When was the last time you traded on Coinbase?” I thought for a few seconds and remembered that I had purchased a very small amount of ‘Monado’, which I had never heard of until a guest mentioned it at ‘Squawk Box’ last month.
He then asked me, “How much are your total assets?” I replied, “I don’t know that.”
He said, “I can’t say anything because I have a duty of confidentiality.”
So I gave him a wide range of things, but I felt embarrassed about how little money I had and began to realize that something was wrong.
Miller then told me that he really needed a “Coinbase Hard Wallet” and asked me if I knew about it. I said no. He offered to help me set it up.
“Should I change my Gmail password first?” I asked.
“It’s probably a good idea,” he said.
So I asked, “Shouldn’t I change my Coinbase password?”
At that point he hesitated and said, “That’s not recommended. Your account is currently on hold. If you change your password, your account will be frozen for up to two weeks.”
I told Miller that I had a meeting in 5 minutes and asked him how long it would take to get a Coinbase hard wallet. He told me 20 minutes. I said I had to go, but when I asked if we could talk again at 3pm, he promised to call me back.
close call
When I hung up, I tried to think of what to do next. It didn’t seem right, but some details lined up. I verified my account. Nothing seemed wrong.
Then I received the email address he sent me. I copied them and asked Claude, Anthropic’s AI chatbot, if they were legitimate. “This is almost certainly a phishing scam,” came the reply.
Several red flags popped up, including the message being sent from the wrong domain.
“The real Coinbase sends emails from @coinbase.com, not @live-coinbase.com. That hyphenated domain is a classic phishing tactic,” the AI program notes. Claude also flagged suspicious “via” addresses, according to the AI program. “Legitimate companies do not route email through third-party domains like this.”
“Thank you, Claude,” I said to myself, but I also thought, “That was a close call.”
I called my old contact in Coinbase’s PR department and was told, “I don’t work there anymore, but it’s probably a scam. Coinbase doesn’t call people.”
She promised to send the details of my situation to the current team at Coinbase, who emailed and called within minutes to confirm it was a scam.
The caller ID on the phone lit up as “Coinbase” and it was the call I was expecting, so I was a little nervous at first, but I was happy to trust it. I told the Coinbase representative that I would write down the entire 15-minute call so it could be used to alert others. And I decided that this might be a good article for CNBC.com.
Coinbase agreed. A spokesperson who frequently deals with security issues said the company has ways to prevent fraud even if victims do fall victim to it, such as monitoring for large transfers or sudden sales from accounts that don’t often send or sell cryptocurrencies.
In this photo taken on June 8, 2023, a smartphone with the Coinbase logo and cryptocurrency representation rests on top of the keyboard.
Dado Luvić | Reuters
“We invest heavily in prevention, detection and rapid response,” a spokesperson said in an email. The representative added that Coinbase will never instruct customers to move their cryptocurrencies to a secure wallet. “If someone tells you to move funds to protect them, it’s a scam,” the spokesperson said.
Coinbase also acknowledged that artificial intelligence is a factor that increases the quality of fraud and scams.
The company said that “attackers are using a variety of bots and AI automation to facilitate their workflows,” noting that AI voice agents are being used “to create more believable automated calls.”
ZeroShadow, a company that seeks to return stolen crypto assets to their rightful owners, says its systems saw a 1,400% increase in “impersonation fraud” last year.
“While attacks come from within and outside the United States, the people behind the scams often seek to hire and train young men and teenagers, people with low inhibitions,” said Zero Shadow CEO Casey G., who asked that his full name not be used due to security threats. “They sell scripts and sometimes audio modulation devices.”
The CEO said his company has recovered about $200 million from victims over the past four years, but acknowledged it has been a difficult process.
“Once virtual currency leaves an account, it can be tracked, but it’s not that easy to get it back,” he said. “We need local government support. In the US, cryptocurrencies have less protection than the traditional banking system,” Casey G. also said that AI is being used by fraudsters to increase their workforce.
One of the most successful techniques used by scammers was to create a sense of urgency. When I was on the phone and told them that an attempt was underway, I was almost fooled into taking action or providing information. I could feel my pulse racing and my instinct was to stop whatever was happening.
Anti-fraud experts say this is a common tactic and is becoming more sophisticated as bad actors buy and sell successful “fraud scripts” on the dark web. Coinbase said it advises people to “slow down, take a breath, examine things independently, and don’t act under pressure.”
Please be careful.
WATCH: The surprising rise of AI “undressing” apps
