Last week, my phone rang around 1:30 in the afternoon. The screen showed a 650 area code — San Francisco. The number was unfamiliar, but it was labeled as coming from San Francisco, a city I associate with tech companies, media, and innovation.
Normally, I wouldn’t answer an unknown call. Most people don’t anymore. But given the location — and the fact that so many major tech firms are based there — curiosity got the better of me. I picked up.
That decision nearly cost me my Coinbase account.
“This Is Coinbase Security”
The man on the line introduced himself as Brian Miller from Coinbase’s security department. His voice was calm, professional, and confident. He immediately said there had been “suspicious activity” on my account and asked if I was trying to log in from Frankfurt, Germany, using an iPhone.
I told him no. I hadn’t been to Germany in decades, and I never used my phone to access my Coinbase account.
He said someone using the email address “Mohamad25@gmail.com” had gotten into my account and tried to make a transfer. Then he added a strange detail: the person claimed he’d lost his phone on an airport conveyor belt in Frankfurt and needed access.
After a brief pause, Miller said, “He’s trying to make another transfer right now.”
My stomach tightened.
Pressure, Fear, and Just Enough Truth
He went on to say the attacker somehow had my Social Security number, my phone number, and my email address. He even claimed they’d submitted a photo that matched my Coinbase face scan.
Then came the question meant to hook me:
“Have you shared your information with anyone recently, or noticed anything suspicious on other accounts?”
“No,” I said.
Looking back, the strategy is obvious. Create fear. Create urgency. Make the victim feel like something terrible is happening right now, and position yourself as the helpful professional who can stop it.
Later, information-science professor Rick Wash, who studies scams, explained it perfectly: technology matters, but the human factor is usually what scammers exploit most.
The First Crack in the Story
Something felt off, but the call was convincing — until he mentioned my photo.
“I never gave Coinbase a photo,” I said.
He pushed back immediately, saying I must have, due to know-your-customer rules. Then he repeated that another transfer attempt was happening, but he had temporarily stopped it.
I asked him to send me an email so I could confirm he really worked for Coinbase.
He said he’d just sent a case number. Then he read me a six-digit code and told me to check my inbox.
Nothing arrived.
So he “sent another one.”
This time, both emails landed in my spam folder.
They looked real. Coinbase logo. Professional layout. No typos. And the confirmation codes matched what he’d read to me over the phone.
But there was something strange.
They came from two different addresses — neither of which was actually Coinbase’s real domain.
Subtle Questions That Raised Big Red Flags
He asked when my last transaction was. I told him about a small crypto purchase I’d made recently.
Then he asked, “What are your total assets?”
That stopped me.
“Shouldn’t you know that?” I asked.
“Due to confidentiality, I can’t see it,” he replied.
I gave a vague range, suddenly embarrassed — and suddenly more alert. Real security teams don’t fish for that kind of information.
That’s when he pivoted.
He told me I urgently needed a “Coinbase hard wallet” and offered to walk me through setting one up.
I asked if I should change my Gmail password.
“Probably a good idea,” he said.
Then I asked if I should change my Coinbase password.
He hesitated.
“No,” he finally said. “That could freeze your account for weeks.”
That answer felt wrong.
The Moment Everything Clicked
I told him I had a meeting and couldn’t continue. He promised to call me back at 3 p.m.
As soon as we hung up, I reviewed everything. Some details lined up. Others didn’t. My account still looked normal.
Then I took the suspicious email addresses and ran them through an AI chatbot.
The response was immediate:
“This is almost certainly a phishing scam.”
It pointed out that real Coinbase emails don’t come from those domains, and that routing through odd third-party addresses is a classic scam technique.
Out loud, I actually said, “That was close.”
Confirmed: It Was a Scam
I contacted an old acquaintance who used to work in Coinbase’s communications department.
Her response was blunt:
“Coinbase doesn’t call customers. It’s a scam.”
She passed my experience along to current Coinbase staff. Within minutes, I received confirmation: the call was fraudulent.
The scammers had spoofed Coinbase’s name, copied their branding, and followed a polished script designed to push me into acting quickly — before thinking.
Why These Scams Are Getting Better
Coinbase later explained that scammers are becoming more sophisticated, often using AI tools to improve fake emails, automated calls, and even voice impersonation.
Cybersecurity firms are reporting massive increases in impersonation scams, with organized groups training young callers, providing scripts, and sometimes even voice-modulation tools.
And once crypto is gone, recovery is incredibly difficult. Transactions can be traced — but reversing them is another matter entirely.
The Most Dangerous Weapon: Urgency
The most powerful trick used against me wasn’t technology. It was emotion.
By telling me someone was actively stealing from my account while we spoke, the scammer triggered panic. My heart rate went up. My instinct was to stop the threat immediately — not to investigate it.
That’s exactly what scammers want.
Security experts and Coinbase both stress the same advice:
Slow down.
Verify independently.
Never act under pressure.
And remember: no legitimate company will ask you to move your funds to “protect” them.
Final Thought
I was minutes away from doing something I couldn’t undo.
If this story helps even one person pause before trusting an unexpected call, it’s worth telling.
Be careful out there.
