Phishers impersonating exchanges are going for round two. ETHNews reported on a scam recently where an emailer from email@example.com sent false "new device" alerts to users in a bid to get access to their Coinbase accounts.
Now the entity behind firstname.lastname@example.org is at it again with a new message. This morning, November 21, 2017, at 8:21 ETHNews received an email from the known scam address email@example.com claiming that a nonexistent Coinbase account required identity confirmation.
Ironically the phishing attempt uses the prevalence of phishing in the ecosystem to prompt users to verify themselves. Hovering over the link in the email reveals that it is connected to www.briansings.com which redirects to http://coinbasê.com (IT IS HIGHLY ADVISED USERS DO NOT VISIT THESE WEBSITES). Note the circumflex above the "e" in the latter URL, denoting a French language character, as opposed to the actual website for the cryptocurrency exchange, www.Coinbase.com.
See an image of the scammer's message below:
Anyone who receives this message is warned to be certain it did not originate from the known scam address firstname.lastname@example.org. As always, users are reminded to manually enter websites into address bars instead of relying on links, particularly if those links come from emails of questionable origin. It's also a good idea to test bookmarks to make sure they haven't been compromised.
Should more details emerge or other scams crop up, ETHNews will provide additional coverage.