Tl;dr: Search engine phishing exploits the trust we have in search engines and the convenience of searching for something rather than remembering the domain. The following piece outlines what search engine phishing attacks may look like and how Coinbase users can avoid them.
By Coinbase Security Team
How do you log in to Coinbase? If you’re like many people, you open your preferred browser and type “Coinbase” or “Coinbase login” in the address bar. You expect to get results like this:
But sometimes you may get results like this:
The second set of screenshots shows an example of phishing links. This is called search engine phishing, and it has become a trend for attackers targeting Coinbase accounts.
When most people think of phishing, email or SMS phishing comes to mind. However, phishing can take many forms. Search engine phishing exploits the trust we have in search engines and the convenience of searching for something rather than remembering the domain.
We all do it, but this opens us up to potential search engine phishing attacks if we’re not diligent about checking our links and protecting ourselves online. Here are some tips to prevent this from happening to you:
Coinbase uses a uniform naming convention for our websites and pages. The convention follows this pattern: [page].coinbase.com. For example, here are some of our pages:
One way to avoid this type of scam is to bookmark the above Coinbase pages that you frequent. Bookmarking removes the need to search for, or manually type, a domain name. Here is a quick tutorial on how to create bookmarks in the most popular browsers.
It takes a good amount of work for anyone to get their website ranked high in search engine results. This is called Search Engine Optimization (SEO), which is the process of improving the traffic from search engines to a website. Some website services, including Google Sites and Microsoft Azure, offer built-in SEO functionality.
As seen in the screenshots above, attackers tend to exploit website services like Google Sites and Microsoft Azure, building a false sense of trust in the phishing link. The naming conventions may follow a pattern like one of the following:
These phishing websites will typically then redirect to another phishing page after a victim clicks a button on the site. The redirect will take the victim to a second phishing page where the actual phishing attack happens. Using a second phishing site is a way for attackers to protect the first phishing site and maintain its SEO ranking. So, be aware of redirects as a signal that you may be visiting a phishing website. A typical flow may look like this:
Here are some indicators you can look for to protect yourself from search engine phishing:
- Does the naming convention of the search result follow this pattern: [page].coinbase.com? If not, it’s likely a phishing page.
- When you click on a search result, are you redirected to a website with a different domain than what you expected? If so, it’s likely a phishing page.
- When you click on a search result, does the website look different than the last time you logged in to Coinbase? If so, this could be a phishing page which is using an older version of our website theme.
- When you visit the website from the search results and click on a button, are you redirected to a website with a different domain than the first page? If so, it’s likely a phishing page.
- After you enter your credentials, are you prompted to call Coinbase because of some kind of error? Does a live chat box automatically open? This tactic is often paired with phishing attacks and is known as a “support scam” attack.
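The domain checks in the list above (does the host match [page].coinbase.com, and does a click or redirect move to a different domain) can be applied mechanically. The following is an added example, not code from Coinbase; the function names are hypothetical and the sample hostnames are constructed on the reserved .example domain.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "coinbase.com"  # from the page's [page].coinbase.com pattern

def hostname_of(url):
    """Return the lower-cased hostname of a URL, or None if it cannot be parsed."""
    try:
        host = urlsplit(url).hostname  # ignores any "user@" prefix and the port
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None

def is_coinbase_host(url):
    """True only if the host is coinbase.com itself or ends in .coinbase.com."""
    host = hostname_of(url)
    if host is None:
        return False
    # Compare whole labels from the right: a substring match would accept
    # hosts that merely contain the brand name somewhere in the URL.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def review_chain(urls):
    """Check a click path (search result first, then each redirect) and list findings."""
    findings = []
    if not urls:
        return findings
    if not is_coinbase_host(urls[0]):
        findings.append(f"search result {hostname_of(urls[0])} is not [page].{TRUSTED_DOMAIN}")
    for prev, cur in zip(urls, urls[1:]):
        if hostname_of(cur) != hostname_of(prev) and not is_coinbase_host(cur):
            findings.append(f"redirect {hostname_of(prev)} -> {hostname_of(cur)} changes domain")
    return findings

# Constructed sample: a look-alike search result that redirects after a button click.
SAMPLE_CHAIN = [
    "https://coinbase-login.hosting.example/",
    "https://coinbase.com.signin.example/verify",
]

if __name__ == "__main__":
    for finding in review_chain(SAMPLE_CHAIN):
        print("SUSPICIOUS:", finding)
```

A host such as coinbase.com.signin.example fails the check because the comparison is made on the right-hand end of the hostname, which is the part a look-alike link cannot control.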
Here is an example of what a scam error may look like and a live chat box which may follow the error:
Remember, think before you click! Our US support phone number is 1–888–908–7930 and you can find other ways to contact us at assist.coinbase.com. If you are suspicious of activity on a “Coinbase” website, go to our Help page and initiate a conversation there with our Support team.
We’re constantly monitoring the internet to identify phishing domains and take them down, but we need your help. Please help us by reporting any suspicious domains to email@example.com.