Here’s an interesting article ¹ detailing the methods scammers use to steal your one-time passwords for Coinbase.

People criticize Coinbase for not doing more to fend off the phishing bots. Well, it’s not as easy as it sounds and expensive. The bottom line is: fighting the bots won’t reduce the number of gullible people out there. Some folks are just too naive to be effectively protected.

There is a multitude of anti-phishing services, browser and email client plugins, and other software. Scammers are exceptionally shrewd chaps, and they will find a way around all these technical hurdles. So don’t rely on those.

The common excuse of people who got caught in phishing schemes: I didn’t realize this was a scam; I thought this was the real deal. And here lies the problem. Your massive IQ and natural level of paranoia, notwithstanding, sooner or later, you will fall victim to a phishing scheme. It will just have to be a very sophisticated one to ensnare a big fish like you.

Your task is not to figure out what’s real or fake but to control what information you give out and when. The answer is, none – ever unless it was your idea from the very start.

And for pity’s sake, stop clicking on links in the goddamn emails. This is really very simple: did you get an email asking you to do something? Did it come from your boss? No? Fuck it then.

Essentially, to be safe, you need to be as lazy as possible because the more you thrash about, the sooner you’ll get trapped. Ignore calls, emails, texts, knocks on the door – almost everything happening in your daily life is just someone’s effort to relieve you of your hard-earned cash.