Benito Aguilar | Twenty20
Jason Gewirtz is vice president of news at CNBC. What follows is a personal account of his experience with a scammer.
Last week my cell phone rang. It was about 1:30 p.m., and the iPhone ID showed the 650 area code, which I recognized as the San Francisco Bay Area. The caller ID listed the number as unknown but labeled it as coming from San Francisco.
Given San Francisco’s position in the heart of global innovation and technology and that it’s the location of one of CNBC’s key bureaus, I picked up despite not knowing who was calling, something people rarely do anymore.
The voice on the other end introduced himself as Brian Miller from Coinbase’s security office. He quickly told me there was “suspicious activity” on my account and wanted to know if I was trying to log in from Frankfurt, Germany, on an iPhone. I told him, “No, I haven’t been in Germany in 20 years, and I never use my cell phone to log into my Coinbase account.”
He told me someone with an address of “Mohamad25@gmail.com” was in my Coinbase account and had tried to make a transfer. The man claiming to be Miller then said, “I haven’t seen this one before. He’s saying he lost his phone on a conveyor belt at the airport in Frankfurt and needs access.” Miller stopped for a second and then said, “He’s trying to make another transfer right now.”
He continued, “I’m trying to figure out how he got access, he has your Social Security number, your phone and your email address. He also gave us a photo that matches your Coinbase face scan. Have you given anyone access to your information lately or have you noticed anything else suspicious on other accounts?”
“No,” I said.
Looking back it’s pretty clear, even to me, the attempted scam used classic pressure tactics to get me to feel like I was in danger, so I’d make a fast decision, rather than a smart one.
“They try to make you scared by making you feel like you’re the victim, and they’re calling to help,” said Rick Wash, professor of information science at the University of Wisconsin, in a phone interview. Wash is a computer scientist who researched the possibility of electronic breaches two decades ago. He then began mixing his vast technical knowledge to focus on the personal side of the scam.
“I began to realize the human factor was often the most critical factor of computer scams,” Wash said.
While something always seemed out of place, my suspicions grew when Miller mentioned my photo.
“I never gave Coinbase my photo,” I told him.
He said, “In order to get an account you would have had to. You might not remember doing it but we have to have it due to know-your-customer rules.” Miller then told me, “He’s trying to make another transfer, but I have it on hold so he can’t.”
I asked him to please send me an email so I know that he’s really calling from Coinbase. He said, “I just sent you a case number about 10 seconds ago, you should have it.” Then he asked if I had something to write with, and he read me a six-digit number. I told him that the email didn’t arrive.
“Let me send another one,” he said. “This will have a new case number.”
He read a second number and then said, “I’ll wait until you get the email. You might not get it in your inbox because he’s trying to change your email address. Check your spam.”
Both messages were in the spam folder from what appeared to be a Coinbase email.
The messages had the same confirmation codes as the ones he gave me on the phone. There were no typos, there was a Coinbase logo and a text box with all the key information. The email address appeared to have come from Coinbase, but I thought it was odd it didn’t have Miller’s name on it. Then I spotted another sign that something wasn’t right: The two emails came from slightly different addresses. One said “no-reply@mail-coinbase.com via sportuel.com,” and the other said “support@info.coinbase via live-coinbase.com.”
He asked, “When was your last Coinbase transaction?” I thought for a few seconds and then remembered buying a very small amount of “Monad” which I’d never heard of before a guest mentioned it on “Squawk Box” last month.
When he followed by asking, “What are your total assets?” I responded, “Shouldn’t you know that?”
He said, “Due to confidentiality, I can’t say.”
So, I gave him a wide range, being embarrassed about how little money I had, and starting to realize that something wasn’t right.
Miller then told me I really needed a “Coinbase Hard Wallet” and asked if I was familiar with that. I said I was not. He offered to help me set it up.
I asked, “First should I change my Gmail password?”
“Probably a good idea,” he said.
Then I asked, “Shouldn’t I change my Coinbase password?”
At that point, he hesitated and said, “We don’t recommend that. Right now I have your account on hold. If you change your password, it will freeze it for up to two weeks.”
I told Miller that I had a meeting in five minutes and asked how long it would take to get the Coinbase Hard Wallet. He told me 20 minutes. I said I had to go, but I asked if we could talk again at 3 p.m. He promised to call me back.
Close call
When I hung up, I tried to figure out what to do next. It didn’t seem right but several details lined up. I checked my account. Nothing seemed out of order.
Then I took the email addresses he had sent. I copied them and asked Claude, Anthropic’s AI chatbot, if they were legitimate. The response came back, “This is almost certainly a PHISHING scam.”
Several red flags popped up, including that the messages were coming from the wrong domain.
“The real Coinbase sends emails from @coinbase.com, not @live-coinbase.com. That hyphenated domain is a classic phishing tactic,” according to the AI program’s notes. Claude also flagged the suspicious “via” address: “Legitimate companies don’t route emails through third-party domains like this,” according to the AI program.
I said to myself, “Thanks, Claude,” while also thinking, “That was close.”
I called an old contact in Coinbase’s public relations department who told me, “I don’t work there anymore, but that’s probably a scam. Coinbase doesn’t call people.”
She promised to send details on my situation to the current team at Coinbase who texted and called within a few minutes confirming it was a scam.
The caller ID lit up on phone, “Coinbase” and because I expected the call, I was willing to trust it despite being a little nervous at first. I told the Coinbase representative I’d write up the whole 15-minute call for her so they could hopefully use it to warn others… then decided, maybe this would be a good article for CNBC.com.
Coinbase agreed. A spokesperson who often deals with security issues said the company has ways to prevent people from being scammed, even when the victim falls for it, including watching for large transfers or sudden sales from accounts that don’t often transfer or sell crypto.
A smartphone with the Coinbase logo and representation of cryptocurrencies are placed on a keyboard in this photo taken June 8, 2023.
Dado Ruvic | Reuters
“We invest heavily in prevention, detection, and rapid response,” the spokesperson said in an email. The rep added that Coinbase would never tell a customer to transfer crypto into a safe wallet. “If someone tells you to move funds to protect them, it’s a scam,” the spokesperson said.
Coinbase also acknowledged that artificial intelligence was a multiplying factor in scam attempts and the quality of scams.
“Attackers use a variety of bots and AI automations to make their workflows easier” the company said, noting that AI voice agents are being used “to create more believable automated calls.”
According to ZeroShadow, a firm that tries to return stolen crypto assets back to their rightful owners, their systems have seen a 1,400% increase in “impersonation scams” in the last year.
“The attacks come from inside and outside of the U.S., but the people behind the scams often try to hire young men or teenagers, people who have less inhibition, and train them,” said Casey G., ZeroShadow’s CEO, who asked that his full last name be withheld because of security threats. “They sell them scripts and sometimes voice modulation devices.”
The CEO said his firm has recovered about $200 million for victims over the last four years, but he admits it’s a difficult process.
“Once the crypto is out of your account, we can trace it, but getting it back isn’t so easy,” he said. “We need help from local authorities. Crypto has less protection than the traditional banking system in the U.S.” Casey G. also said AI is being used by scam chiefs to multiply their workforce.
One of the most successful techniques the scammer used was creating a sense of urgency. By telling me there was an ongoing attempt while we were on the phone, I was almost tricked into taking action or giving up information. I felt my pulse racing and had an instinct to stop whatever was happening.
Anti-scam experts say that’s a common tactic that’s getting more sophisticated as bad actors buy and sell successful “scam scripts” on the dark web. Coinbase said it advises people to “slow down, take a beat, verify things independently and don’t act under pressure.”
Be careful out there.
WATCH: The alarming rise of AI ‘nudify’ apps
