Don’t accept New terms of service to avoid Coinbase phishing

by Loredana Harsana

  • A recent phishing campaign uses a Coinbase-themed email to get access to a user's email account.
  • Coinbase is supposed to be secure, yet you need to pay attention to the New terms of service email.

The latest phishing campaign uses a Coinbase-themed email to give hackers access to a user’s email account and let them perform actions on the user’s behalf.

This is done through a Microsoft 365 consent app that gives attackers access to the user’s email. These consent apps are in fact Microsoft 365 OAuth applications.

At the moment, this phishing campaign takes the form of a New terms of service agreement that Coinbase users must read and accept in order to continue using the service.

Things like that have constantly happened during the past few years. Here’s what one user said:

Recently received an authorization email from “coinbase” claiming that a new device is requesting access to your account. The email said the IP location was from Russia, so I scrolled down and hit “cancel request”.

How to protect your Microsoft 365 account from Coinbase phishing?

As said before, the New terms of service agreement isn’t always what it seems. Clicking on the Read and Accept Terms of Service FAQ link leads you to a legitimate Microsoft page.

You are asked to log in to the Microsoft account. Pay attention to the URL and see if it asks for the User.Read, Mail.Read, and Mail.ReadWrite permissions.

Once in your Microsoft account, you’ll see a new prompt to allow an app from coinbaseterms.app to access your account.

At this point, do not accept the app’s request, or else you risk becoming the victim of a fraudulent practice that may have a huge impact on your security.

The security token associated with your account will fall into the wrong hands and will get compromised in no time.

Hackers will be able to access your mail, contacts, personal notes, and any sensitive information stored on your cloud storage space.
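
The URL check described above, as an added example that is not part of the original article: a small Python function that reads the scope and redirect_uri parameters of a Microsoft consent link and flags mailbox permissions requested for an unapproved app host. The sample link is constructed; its client_id is a placeholder, and the redirect path and the trusted_app_hosts parameter are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Hosts that serve genuine Microsoft sign-in and consent pages.
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
# Mail permissions named in the article (compared case-insensitively).
MAIL_SCOPES = {"mail.read", "mail.readwrite"}

# Constructed sample: the client_id is a placeholder and the redirect path is
# an assumption; only the app domain and the scopes come from the article.
SAMPLE_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000"
    "&response_type=code"
    "&redirect_uri=https%3A%2F%2Fcoinbaseterms.app%2Fcallback"
    "&scope=User.Read%20Mail.Read%20Mail.ReadWrite"
)


def review_consent_url(url, trusted_app_hosts=()):
    """Summarise what an OAuth consent link requests and for which app host."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    # Scopes are space-separated and may be short ("Mail.Read") or fully
    # qualified ("https://graph.microsoft.com/Mail.Read").
    raw = " ".join(query.get("scope", [])).split()
    scopes = sorted({s.rstrip("/").rsplit("/", 1)[-1] for s in raw})
    mail = [s for s in scopes if s.lower() in MAIL_SCOPES]
    redirect = urlsplit(query.get("redirect_uri", [""])[0]).hostname or ""
    trusted = {h.lower() for h in trusted_app_hosts}
    return {
        # True here is not reassuring: the phishing link uses a real Microsoft page.
        "microsoft_host": (parts.hostname or "") in MICROSOFT_LOGIN_HOSTS,
        "scopes": scopes,
        "mail_scopes": mail,
        "redirect_host": redirect,
        # Mailbox access requested on behalf of an app host nobody approved.
        "suspicious": bool(mail) and redirect not in trusted,
    }


if __name__ == "__main__":
    for key, value in review_consent_url(SAMPLE_URL).items():
        print(f"{key}: {value}")
```

Because the sign-in host is genuine in this campaign, the requested scopes and the app's own host are what the verdict rests on.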

Let us know if this has ever happened to you in the past, by using the comments area below.