I was targeted by scam the other day that was actually really good, and almost got me.
They called claiming to be from coinbase, alleging an unrecognized withdrawal from my account. Right off the bat coinbase's interface makes it extremely difficult to track USD deposits/withdrawals so it wasn't quick and easy to log in and see that nothing had been withdrawn unless I remembered offhand exactly how much was in my account yesterday. But here is where things got really good.
Firstly, they said the withdrawal was triggered from a computer in Salt Lake City, which is about 45 minutes from where I live. So just close enough for me to consider that it could have been me and the locator not specific enough, but also far enough that I would be suspicious about it.
Then they started confirming my account details, which they must have gotten from one of those big data breaches. They wanted to confirm that my email was still XXXX and my phone number XXXX and my last 4 of SSN XXXX and they had all the info right. So far no reason to suspect this wasn't actually Coinbase calling, they hadn't asked me to provide any compromising details on my end, etc. It was a regular sounding American dude on the other end.
Then they gave me a case number of something like 17779283, and asked me to click a URL they were texting me to log in and view the withdrawal request so I could confirm if it was me or not. This is where I caught them, as the URL they sent me was
www.17779283-coinbase.com. Of course I recognized that the URL isn't actually coinbase.com, which I mentioned to them and they relatively plausibly explained that it was coinbase.com, just a custom generated URL with the case number that they had previously given embedded in the URL. Again, regular friendly sounding American dude that was relatively charismatic.
I wasn't convinced, but I'd imagine a lot of people would be. The link went to a page that looked just like the coinbase login page, but I'm assuming once you enter your username and password it was just data entry fields submitting your username/password to them, which they could then use to log in to your account on the real coinbase.com and do whatever they want with your account.