Security PSA: Search engine phishing | by Coinbase | Jul, 2022

Tl;dr: Search engine phishing exploits the belief we’ve in search engines like google and yahoo and the comfort of looking for one thing slightly than remembering the area. The next piece outlines what search engine phishing assaults could seem like and the way Coinbase customers can keep away from them.

By Coinbase Safety Staff

How do you log in to Coinbase? If you happen to’re like many individuals, you open your most popular browser and kind “Coinbase” or “Coinbase login” within the handle bar. You anticipate to get outcomes like this:

However generally you could get outcomes like this:

The second set of screenshots present an instance of phishing hyperlinks. That is referred to as search engine phishing and it has turn out to be a pattern for attackers concentrating on Coinbase accounts.

When most individuals consider phishing, e-mail or SMS phishing involves thoughts. Nevertheless, phishing can take many kinds. Search engine phishing exploits the belief we’ve in search engines like google and yahoo and the comfort of looking for one thing slightly than remembering the area.

All of us do it, however this opens us as much as potential search engine phishing assaults if we’re not diligent about checking our hyperlinks and defending ourselves on-line. Listed here are some tricks to forestall this from occurring to you:

Coinbase makes use of a uniform naming conference for our web sites and pages. The conference follows this sample: [page].coinbase.com. For instance, listed below are a few of our pages:

One solution to keep away from one of these rip-off is to bookmark the above Coinbase pages that you simply frequent. Bookmarking removes the necessity to seek for, or manually kind, a website title. Here’s a fast tutorial on create bookmarks in the preferred browsers.

It takes a superb quantity of labor for anybody to get their web site ranked excessive in search engine outcomes. That is referred to as Search Engine Optimization (web optimization), which is the method of enhancing the visitors from search engines like google and yahoo to an internet site. Some web site companies, together with Google Websites and Microsoft Azure, supply built-in web optimization performance.

As seen within the screenshots above, attackers have a tendency to use web site companies like Google Websites and Microsoft Azure — constructing a false sense of belief within the phishing hyperlink.. The naming conventions would possibly observe a sample like one of many following:

websites.google.com/[phishingpage].com
[phishingpage].azurewebsites.internet

These phishing web sites will sometimes then redirect to a different phishing web page after a sufferer clicks a button on the location. The redirect will take the sufferer to a second phishing web page the place the precise phishing assault occurs. Utilizing a second phishing web site is a approach for attackers to guard the primary phishing web site and keep its web optimization rating. So, concentrate on redirects as a sign that you could be be visiting a phishing web site. A typical stream could seem like this:

Listed here are some indicators you’ll be able to search for to guard your self from search engine phishing:

• Does the naming conference of the search end result observe this sample: [page].coinbase.com? If not, it’s possible a phishing web page.
• While you click on on a search end result, are you redirected to an internet site with a unique area than what you anticipated? If that’s the case, it’s possible a phishing web page.
• While you click on on a search end result, does the web site look totally different than the final time you logged in to Coinbase? If that’s the case, this may very well be a phishing web page which is utilizing an older model of our web site theme.
• While you go to the web site from the search outcomes and click on on a button, are you redirected to an internet site with a unique area than the primary web page? If that’s the case, it’s possible a phishing web page.
• After you enter your credentials, are you prompted to name Coinbase due to some kind of error? Does a dwell chat field mechanically open? This tactic is usually paired with phishing assaults and is called a “help rip-off” assault.

Right here is an instance of what a rip-off error could seem like and a dwell chat field which can observe the error:

Keep in mind, suppose earlier than you click on! Our US help cellphone quantity is 1–888–908–7930 and yow will discover different methods to contact us at assist.coinbase.com. In case you are suspicious of exercise on a “Coinbase” web site, go to our Assist web page and provoke a dialog there with our Help staff.

We’re consistently monitoring the web to establish phishing domains and take them down, however we’d like your assist. Please assist us by reporting any suspicious domains to safety@coinbase.com.