Coinbase impersonators are trying to harvest Microsoft 365 account data as the scammers are spoofing popular crypto brands as crypto adoption gains traction among consumers.

Phishing emails are now used by Coinbase impersonators that try to harvest Microsoft 365 account login data. Hackers send fake emails from crypto exchanges to trick users into handing over their login details. Once crypto enters the mainstream, hackers are spoofing popular brands to access other services.  A new wave of phishing emails is targeting Microsoft 365 accounts by posing as a major crypto exchange Coinbase.

According to a report by BleepingComputer, phishing emails are presented as notifications from Coinbase thus informing users about the exchange’s New Terms of Service which they have to accept. The hackers ask users to authorize a modified consent app which is a version of the Legitimate office 365 app that provides third parties access to email accounts. After accepting the terms of services FAQ  “users are redirected to the real Microsoft website to log into their account, and then asked to give the malicious consent app—dubbed “”—access to read and write their mail address.

hackers try to hack, bitcoin, wallet

The hackers won’t be able to send new emails on users’ behalf as they can still gain access and read the correspondence as well as edit unsent drafts. These attacks can potentially be used to read various messages that are sent by two-factor authentication services. Dave Jevans, the CEO of CipherTrace explained that the scammers are posing as brands as well-known platforms like Coinbase:

 â€œThe use of consumer brands to trick users into giving out Office365 credentials has been on the rise. Brands like Coinbase have tens of millions of users, so widespread spam campaigns can be effective.”

He added that Coinbase is not the only one of the popular brands for this type of phishing attack according to the APWG eCrime phishing feed database. The hackers are sending out these emails at random and don’t target coinbase users specifically:

 â€œIt is doubtful that a compromised list of email addresses from Coinbase is being used to gain access to your email account. Targeted phish would be more oriented at getting your login credentials to access your funds.”

When attackers target crypto users, they are usually trying to gain direct access to digital assets instead of emails or other accounts. The use of the Coinbase brand by hackers suggests that the crypto services are gaining traction.  A few years ago, hackers tried to gain access to crypto accounts by spoofing mainstream platforms but not vice versa.



Please enter your comment!
Please enter your name here