Phishers impersonating exchanges are going for round two. ETHNews recently reported that an emailer from firstname.lastname@example.org sent false "new device" alerts to users in a bid to get access to their Coinbase accounts.
Now the entity behind email@example.com may be at it again with a new message. This morning, November 21, 2017, at 8:21 ETHNews received an email from the known scam address firstname.lastname@example.org claiming that a nonexistent Coinbase account required identity confirmation.
Ironically, the phishing attempt uses the prevalence of phishing in the ecosystem to prompt users to verify themselves. Hovering over the link in the email reveals that it is connected to www.briansings.com which redirects to http://coinbasê.com (IT IS HIGHLY ADVISED USERS DO NOT VISIT THESE WEBSITES). Note the circumflex above the "e" in the latter URL, denoting a French language character, as opposed to the actual website for the cryptocurrency exchange, www.Coinbase.com.
See an image of the scammer's message below:
Anyone who receives a similar message is warned to be certain it did not originate from the known scam address email@example.com. As always, users are reminded to manually enter websites into address bars instead of relying on links, particularly if those links come from emails of questionable origin. It's also a good idea to test bookmarks to make sure they haven't been compromised.
Should more details emerge or other scams crop up, ETHNews will provide additional coverage.