So I put a cable modem on Craigslist for $30 today. Some dude texts me and says, hey I'm Alex, I'm calling from a google phone so you need to type in "51" in the keypad to enter our conversation. I live in a pretty predominantly Mexican neighborhood so probably thought it was weird but not that abnormal. I get the call, typed in the 51 and then an automated voice said "your account activation is complete."
I knew it was a scam and I did it anyway, thought, whatever, let's just play this out and see, what's the worst that can happen. Suddenly I realize I have my google Authenticator tied to my cell phone and after reading up on the scam the guy just did, I find out it's a common way to register my phone number to google voice.
My heart starts pounding… if he has my phone spoofed and I just authorized something through google, did this motherfucker just steal all the info he needed to get in to my coinbase account? Was my computer infected and all he needed was those two extra pieces of info? I run downstairs to my PC and in a panic type in my password. "Invalid password." Oh fuck oh fuck oh fuck. I finally am able to log on to my coinbase account. Change the password, change the Authenticator, recover and remove my phone from google voice, and immediately send whatever bitcoin I had to my trezor. It should have been on it already but I was lazy three days ago when I got it and only had set it up and sent a test amount.
I try to send my bitcoin and my computer says I'm not logged in anymore, I think this mother fucker and I are battling over who is in my account and it's a race to get my f#*%ing coins off coinbase or its all gone. For good.
I finally am able to make it work, and sent my coins and waited. I verified the address and everything and the coins made it off the exchange. After about 5-10 minutes of cursing myself for being so stupid, and having the voice of many on this sub constantly and every day warning me about this shit, having a flashback about that guy who used a bunk Authenticator with Verizon customer service screwing him out of $8K I finally calmed down when I saw my trezor show the btc received.
I swear dudes. Listen to the people here, and don't be lazy. Educate yourselves and be careful.
Afterward I sent a email to coinbase support and explained what happened and that I still want to use their service but to let me know if I need to do anything else if I continue using my account to ensure it is secure.
After reading up on it now, I found out that the google Authenticator is tied to the device only that you set it up on and not the phone number, something I didn't know, and would have saved me probably a TON of anxiety today. I haven't felt like that in a long ass time.
Be vigilant and don't let laziness make your decisions or regrets for you.