Consumer Protection Tuesday: The Top Red Flags of Social Engineering Scams and How to Avoid Them

This post is part of a weekly Tuesday series at Coinbase about the latest consumer protection and security measures for crypto owners.

At Coinbase, we’re on a mission to help update the financial system to make it safer and more secure. While only 0.14% of blockchain transactions are used for illicit activity, and cash remains the preferred medium for illegal transactions, crypto security is always a top priority. Coinbase maintains a robust compliance program, which includes Know Your Customer (KYC) checks, sanctions screenings, suspicious activity reporting, and strong law enforcement partnerships to detect and prevent illicit activity on our platform.

Why Social Engineering Is So Dangerous

At its core, social engineering isn’t about hacking software—it’s about hacking people. These scams exploit trust, emotion, and a false sense of urgency to bypass common sense and steal information or money.

Criminals are getting more sophisticated, using AI to clone voices, fake identities, and replicate legitimate websites. And because these scams feel personal, they often work. That’s why learning to spot the signs can make all the difference.

Five Common Social Engineering Red Flags

Below are five warning signs that you're being targeted by a social engineering scam—plus how to respond safely.

1. Pressure to Act Fast

Scammers don’t want you to think—they want you to react. A core tactic of social engineering is to make you believe that something bad will happen if you don’t act right now.

Examples:

• “Your account is compromised. You must move your funds immediately.”

• “We need payment today or your Social Security benefits will be frozen.”

• “You’re under investigation—send crypto to this secure wallet for safekeeping.”

Slow down. Ask questions. Real companies and government agencies won’t demand immediate action.

2. Impersonation of Authority

These scams often begin with a call, email, or text from someone pretending to be a trusted source: a bank employee, a federal agent, a tech support specialist.

Examples:

• Calls from “the IRS” asking for payments

• Texts claiming to be your bank, warning of suspicious transactions

• Emails from fake tech support requesting remote access to your device

Hang up or ignore the message. Call the organization directly using their official website.

3. Emotional Manipulation

As we outlined in last week’s blog post, social engineers know how to push emotional buttons. Whether it’s fear, love, guilt, or sympathy—they'll use it to get what they want.

Examples:

• A romance scammer asking for help with a medical emergency

• Someone claiming to be a family member in trouble needing fast funds

• A new online friend introducing a “guaranteed” investment opportunity

Never send money or personal information to someone without confirming their identity—even if their story sounds convincing.

4. Unusual Payment Requests

If someone only accepts payment in crypto, gift cards, or wire transfer, that’s a major red flag.

Examples:

• QR codes that send crypto to an unknown wallet

• Requests for Apple or Google Play gift cards

• Demands to wire funds internationally

No government or business will ever solely accept payment via non-traditional methods. If they do, it's likely a scam.

5. Suspicious Links or Attachments

Social engineering often takes the form of phishing—emails or texts with links designed to steal your login credentials or infect your device.

Examples:

• “Your Coinbase account has been suspended—log in now to restore access.”

• A fake invoice or order confirmation with an unexpected attachment

• A message from a friend sharing a link out of the blue

Don’t click. Go directly to the official site or app to verify the issue.

The Bottom Line: Think Before You React

Scams succeed when people are caught off guard. But recognizing these red flags gives you the power to slow down, verify, and avoid becoming a victim.

How to stay safe:

• Talk to someone you trust before responding to unexpected requests.

• Set up multi-factor authentication on all your financial accounts.

• Report scams to the FTC and your state’s consumer protection office.

• Share what you’ve learned, especially with elderly or vulnerable loved ones.

At Coinbase, we believe awareness is a powerful form of protection. The more we educate ourselves and each other, the harder it becomes for scammers to succeed.