This "coinbase.io" might look legit since it uses the same name as the exchange. However, if we follow basic preventive measures to avoid phishing scams, we shouldn’t fall victim to this. Activating 2FA security should be the answer, such scam attempts would never work if 2FA is in place.

I believe most exchanges including coinbase had already made 2FA mandatory, correct me if I'm wrong.