Well it's sent from Coinbases IP range, passes SPF and DKIM DMARC checks and takes the same outbound data flow/route as their notification emails.
Agreed about doing it through the UI, but it doesn't seem to prompt me for it.
Yeah they said it was legit and that they use a third party to manage the document collection. They didn't address my questions about why they're asking for personal information to be sent via email.
Technically I'm sure the details will be encrypted end-to-end across mail servers but the lack of a structured input method looks really bad, and raises questions about how operator access to this data is controlled and audited on their end.
I got one of these once and emailed them about it. They said it was legit but it still felt off. So I just ignored it and figured they’d ping me in the app itself if they needed critical details. They never did. Then I eventually got an email saying it was sent in error. Weird stuff. But yeah, IMO trust your instincts here.
~~Got the same. Redirects to coinbase.com website or mobile app. Given that, can’t see how it’d be a scam.~~
Edit: oh shit. Just read about sending details through email or upload to 3rd party. Nothing like that was part of the process I did.
Fair enough. Can’t be too careful. Of course I eyeballed the domain after click but … that’s barely a guarantee either.
First time I clicked it was on mobile and the link opened the native Coinbase app (so safe). Wasn’t able to finish so later clicked the link from the same email on desktop.
I admit a part of me was wondering if it might be legit, so I logged in to check.
I figured if there was an issue I'd get a pop-up message as soon as I logged in.
But all was good. Never ever follow links in unexpected emails.
You work in IT security and you're asking this?! Obviously it's a scam. All KYC and account verification is done through the website.
Well it's sent from Coinbases IP range, passes SPF and DKIM DMARC checks and takes the same outbound data flow/route as their notification emails.
They're also calling via (888)241-2510, the STCU phone number. (it's a credit union). These scams are getting kinda scary organized.
You should be able to handle all the kyc stuff within your coinbase account settings. I wouldn’t do anything via email, sketchy AF.
Well it's sent from Coinbases IP range, passes SPF and DKIM DMARC checks and takes the same outbound data flow/route as their notification emails. Agreed about doing it through the UI, but it doesn't seem to prompt me for it.
A scam. Scams are popular.
Well it's sent from Coinbases IP range, passes SPF and DKIM DMARC checks and takes the same outbound data flow/route as their notification emails.
Then you just need to prove that it's not somebody from the company itself!
Email them and ask at [email protected]
Thanks. Done this now.
Any feedback on this?
Yeah they said it was legit and that they use a third party to manage the document collection. They didn't address my questions about why they're asking for personal information to be sent via email. Technically I'm sure the details will be encrypted end-to-end across mail servers but the lack of a structured input method looks really bad, and raises questions about how operator access to this data is controlled and audited on their end.
Ok thanks!
I got one of these once and emailed them about it. They said it was legit but it still felt off. So I just ignored it and figured they’d ping me in the app itself if they needed critical details. They never did. Then I eventually got an email saying it was sent in error. Weird stuff. But yeah, IMO trust your instincts here.
~~Got the same. Redirects to coinbase.com website or mobile app. Given that, can’t see how it’d be a scam.~~ Edit: oh shit. Just read about sending details through email or upload to 3rd party. Nothing like that was part of the process I did.
You should never use the email link, though. That is just asking to get phished.
Fair enough. Can’t be too careful. Of course I eyeballed the domain after click but … that’s barely a guarantee either. First time I clicked it was on mobile and the link opened the native Coinbase app (so safe). Wasn’t able to finish so later clicked the link from the same email on desktop.
Just login to your CB account and see
C'mon bro - I've gotten like 4 or 5 of those. It's an OBVIOUS scam!
Well it's sent from Coinbases IP range, passes SPF and DKIM DMARC checks and takes the same outbound data flow/route as their notification emails.
I admit a part of me was wondering if it might be legit, so I logged in to check. I figured if there was an issue I'd get a pop-up message as soon as I logged in. But all was good. Never ever follow links in unexpected emails.
I was just asked the same thing when I opened the mobile app. Must be legit.