Microsoft

Tips on how to best secure your crypto

By Matt Muller, Head of Security Operations, CoinbaseAs crypto trading becomes increasingly mainstream, our Security team here at Coinbase has seen cybercriminals getting even more creative and persistent in their attempts to steal assets. While that can sound a little scary at first, the good news is that you can dramatically improve your digital security…

By Matt Muller, Head of Security Operations, CoinbaseAs crypto trading becomes increasingly mainstream, our Security team here at Coinbase has seen cybercriminals getting even more creative and persistent in their attempts to steal assets. While that can sound a little scary at first, the good news is that you can dramatically improve your digital security with just a few easy steps. Not only will this help protect your funds on Coinbase, it can be applied to the rest of your digital life as well!When someone is able to log into one of your accounts to perform fraudulent activity, this is called an “account takeover”, or “ATO” for short. But how do these fraudsters get into your account in the first place? One common method is called a “SIM-swap.” In a SIM-swap attack, fraudsters will actually contact your wireless carrier pretending to be you, and persuade the customer service agent to redirect your cell service to a different device, by changing the SIM card number associated with your account (hence the name of the attack.) Once they succeed, they are able to receive all calls and SMS messages sent to your phone number — including any two-factor authentication codes sent to you via SMS. From there, fraudsters will frequently pair those SMS 2FA codes with stolen passwords to try and log into your email account, social media profiles, cloud storage accounts like Dropbox, or financial accounts like Coinbase.At Coinbase, we do a lot of work behind the scenes to detect and try to stop SIM-swap ATOs targeting our customers’ accounts. We also believe that using SMS-based two-factor authentication (2FA) is better than using no 2FA at all. That said, we encourage everyone to follow the two simple steps below and apply them to all the accounts they care about — not just their Coinbase accounts.Use a password managerYour passwords should be at least 16 characters, extremely complex and unique for your accounts. That’s hard to do by yourself, but password managers like 1Password or Dashlane can be used to create and remember your passwords.Are you currently using a password that has been exposed in a third-party data breach somewhere? You can check to see if you’re using a risky password by visiting haveibeenpwned.com/Passwords.Use 2-factor authentication (2FA)In addition to strong passwords, where available, use two-factor authentication (2FA). And always use the strongest type of 2FA the platform allows, ideally a Yubikey or similar hardware security key.If a service provider doesn’t allow Yubikey, use an authentication app like Google Authenticator or Duo Security instead of SMS-based 2FA if possible.If SMS-based 2FA is the only thing available, at the very least require a one-time 2FA code sent to your device every time you login so someone can’t access your account if they have stolen your password.If an organization doesn’t offer any of these options, consider not using that service.Staying vigilant in the wildIt’s not only important to play defense with the right security tools when protecting your accounts, but it’s also important to stay smart in the wild.Some guidelines:Don’t make yourself a targetDon’t brag about your cryptocurrency holdings online, just like you wouldn’t advertise inheriting $50 million.Review your online presence and see how much personal information someone could learn about you to steal your identity. (The good folks at Consumer Reports put together this self assessment.)Don’t fall for tricksHackers posing as tech support — even bad actors posing as Coinbase customer support specifically — may pressure you for account credentials. Coinbase will never ask you for passwords, 2FA codes, PIN numbers or for remote access to your computer.Coinbase will never ask you to create test accounts on other platforms or provide your ID or banking information over email or social media. We do not offer Facebook support chat and we will never call you by phone.If someone reaches out to you and you’re not sure if it’s a scam, you can reach out to security@coinbase.com to confirm whether it’s legitimate. And remember, Microsoft, Google, and Apple will never call you about your computer.Check the URLScammers create fake sites that look like real exchanges but are designed to steal account information. Double check the web address before you login into your account or input any of your credentials.If we emailed you and include a link, copy the link and paste it into a text editor before entering it into your browser to make sure you know where the link is really taking you.This phishing domain uses an Internationalized Domain Name (IDN) which closely resembles www.coinbase.com. However, looking closer will reveal that the domain is actually www.coįnbase[.]com (note the character accent below the “i”).While Coinbase has gone to great lengths to secure our environment, it’s important that everyone understands their role in maintaining the security chain. By following some basic security steps, you can make sure your crypto stays safe. To learn more, visit our Help Center.Tips on how to best secure your crypto was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.
Read More

Be the first to write a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

Microsoft

Arkane Founder: ‘I Think Game Pass is Unsustainable’

The founder and former president of Arkane Studios Raphaël Colantonio, who left in 2019, took to social media weighing on the huge Microsoft and Xbox layoffs. “Why is no-one talking about the elephant in the room? Cough cough (Gamepass),” said Colantonio (spotted by VideoGamesChronicle). He added…

The founder and former president of Arkane Studios Raphaël Colantonio, who left in 2019, took to social media weighing on the huge Microsoft and Xbox layoffs.
“Why is no-one talking about the elephant in the room? Cough cough (Gamepass),” said Colantonio (spotted by VideoGamesChronicle).
He added…
Read More

Continue Reading
Microsoft

In the Wake of Xbox Layoffs, Founder of Dishonored and Prey Dev Arkane Slams Game Pass: ‘Why Is No-One Talking About the Elephant in the Room?’

Hot on the heels of the layoffs that have swept through Xbox, the founder of Microsoft-owned Arkane Studios has hit out at Game Pass, whose subscription model he called “unsustainable.” Raphael Colantonio, who founded the Dishonored and Prey developer and served as its president before leaving in 2017 to start Weird West maker WolfEye Studios

Hot on the heels of the layoffs that have swept through Xbox, the founder of Microsoft-owned Arkane Studios has hit out at Game Pass, whose subscription model he called “unsustainable.”

Raphael Colantonio, who founded the Dishonored and Prey developer and served as its president before leaving in 2017 to start Weird West maker WolfEye Studios, took to social media to ask: “Why is no-one talking about the elephant in the room? Cough cough (Gamepass).”

When asked to expand on his thoughts on Game Pass, which Weird West launched straight into as a day one title in March 2022, Colantonio said: “I think Gamepass is an unsustainable model that has been increasingly damaging the industry for a decade, subsidized by MS’s ‘infinite money,’ but at some point reality has to hit. I don’t think GP can co-exist with other models, they’ll either kill everyone else, or give up.”

Colantonio’s comment sparked a vociferous debate about the pros and cons of Game Pass in industry terms as well as for the customer. Microsoft’s subscription service has been called many things over the years: the death of the video game industry; the savior of smaller developers who benefit greatly from payments made by Microsoft to secure their games; and everything in between. During the great Xbox FTC trial to decide the fate of Microsoft’s $69 billion aquisition of Call of Duty maker Activision Blizzard, then PlayStation boss Jim Ryan claimed that he had talked to “all the publishers” and that, unanimously, they all hated Game Pass “because it is value destructive.” He also said Microsoft “appears to be losing a lot of money on it.”

Back in 2021, Xbox boss Phil Spencer countered Game Pass doomsayers, saying: “I know there’s a lot of people that like to write [that] we’re burning cash right now for some future pot of gold at the end. No. Game Pass is very, very sustainable right now as it sits. And it continues to grow.”

That was four years ago. What about now, in the wake of cuts that have seen Rare’s Everwild, the Perfect Dark reboot, and an unannounced MMO in the works at developer behind The Elder Scrolls Online all canceled?

Colantonio’s comments were backed by a number of industry peers, including the former VP of biz dev at Epic Games. Michael Douse, publishing director at Baldur’s Gate 3 developer Larian, said that the biggest concern right now revolves around what happens when all that money runs out. This, Douse added, is “one of the main economic reasons people I know haven’t shifted to its business model. The infinite money thing never made any sense.”

(It’s worth noting that Baldur’s Gate 3 has so far not launched in Game Pass or PlayStation Plus.)

Colantonio then ridiculed Microsoft’s insistence that launching games into Game Pass did not impact sales, only to later admit the contrary.

Douse responded to to say he prefers the Sony way of doing things. Sony’s PlayStation Plus policy is to keep first-party games off the subscription service at launch, only adding them some time later. That’s why you won’t see this year’s Sony’s Ghost of Yotei launch straight into PS Plus, but you will see Call of Duty: Black Ops 7 as a day one Game Pass launch.

“The economics never made sense, but at the same

Read More

Continue Reading
Microsoft

Microsoft denies shutting down operations in China

Microsoft China denied it would cease operations in the country, after a screenshot of an internal email from Wicresoft, a Microsoft outsourcing partner, fueled speculation about a potential exit. On Monday, several employees of Wicresoft shared screenshots of layoff emails on social media. The email cites geopolitical tensions and shifts in the global business landscape

Microsoft China denied it would cease operations in the country, after a screenshot of an internal email from Wicresoft, a Microsoft outsourcing partner, fueled speculation about a potential exit. On Monday, several employees of Wicresoft shared screenshots of layoff emails on social media. The email cites geopolitical tensions and shifts in the global business landscape [……
Read More

Continue Reading
Microsoft

Fake Microsoft Office add-in tools push malware via SourceForge

Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims’ computers to both mine and steal cryptocurrency. …

Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims’ computers to both mine and steal cryptocurrency. …
Read More

Continue Reading