Cyber wrongdoers launch fresh Phishing SMS Swindle aimed at Binance Account Holders

Cyber wrongdoers launch fresh Phishing SMS Swindle aimed at Binance Account Holders

Beware of the Brewing Binance SMS Phishing Storm

Binance users have been swamped with a slew of crafty phishing text messages, mimicking the genuine articles they usually receive for official Binance updates. The similarities are so striking, it's easy to see that a cunning cybercriminal or gang is waging a calculated phishing war on Binance users.

The Aim: Hooking Binance Users with a High-Tech Phishing Campaign

The alarming texts under review by BeInCrypto have a uniform tone and format, hinting at a specific threat actor or crook behind the campaign.

The texts typically mention suspicions of unauthorized account activities, such as the addition of a new two-factor authentication device. More often than not, the scheme continues with a tip about an unexpected Binance API pairing with Ledger Live. The recipients are then persuaded to give a call to a specified number.

Some targeted victims claim these texts pop up in the same thread as their legitimate Binance notifications, causing confusion and enticing them to engage. Investigations by BeInCrypto have uncovered a surge in consumer complaints on X (formerly Twitter) caused by this scam.

Many users confess they were caught off guard by the scam because the malicious texts originated from the same sender ID Binance normally uses for authentic notifications.

While the criminals behind the campaign rake in the benefits from their scheme, they're cashing in on publicly reported leaks of user data on dark web forums. A hacker has been reportedly amassing Binance user data by compromising browser sessions on infected devices.

Last month, an estimated 230,000 combined user records from Binance and Gemini went on sale on the dark web. Cybersecurity experts pose that these leaks most likely stemmed from phishing attacks rather than direct system breaches.

The suspected group of malicious hackers is likely utilizing user data - names, phone numbers, and emails - to craft targeted messages that appear legitimate. Additionally, the pattern in these phishing attempts often involves a pressing "not you?" inquiry, encouraging recipients to phone a embedded contact line instead of simply clicking a link, thus bypassing the more prevalent scenario of phishing links in SMS.

Binance Upgrades Anti-Phishing Measures to SMS

In an exclusive email to BeInCrypto, Binance's Chief Security Officer, Jimmy Su, has acknowledged the growing smishing scams, where phishers impersonate legitimate senders via SMS, deceiving unsuspecting users into reveling sensitive data, clicking into phishing links, or transferring assets, resulting in asset loss.

Su also revealed that Binance has expanded its Anti-Phishing Code to SMS, which was initially offered for emails. This code, assigned by users, appears in official Binance messages, making it easier for recipients to differentiate between genuine notifications and impostors.

"By incorporating a unique Anti-Phishing code into Binance SMS messages, we are making it significantly more difficult for scammers to fool our users," Su stated.

The Anti-Phishing Code has already been distributed to all Binance-operated licensed jurisdictions. Notably, both registered and non-registered users have reported receiving suspicious text messages. It seems that the hackers might be exploiting databases containing phone numbers of individuals not actively utilizing Binance.

In light of these developments, BeInCrypto advises users to

1. Directly Verify Transactions: Always verify transactions and notifications directly through the official Binance app or website.
2. Enable Multifactor Authentication (MFA): Turn on MFA to add an additional security layer to your account.
3. Avoid Clicking Links: Abstain from clicking on links sent via SMS, instead, access the official app or website directly.
4. Never Share Credentials: Never divulge your password, MFA code, or sensitive information over the phone or via SMS.
5. Stay Informed: Stay up-to-date with Binance’s security alerts and updates to stay ahead of phishing tactics.

By following these guidelines, you can significantly lessen the risk of falling prey to sophisticated phishing campaigns targeting Binance users via SMS.

Just 3 simple steps to bag a guaranteed $10 bonus from eToro

1. Sign up
2. Transfer $100
3. Invest at your own risk, knowing that there's no protection if something goes awry. This is a high-risk investment.

Tip: Reporting dubious messages to Binance’s support team is strongly recommended. Users are also urged to confirm official communications by checking for the Anti-Phishing Code and carefully assessing any call-to-action to dial listed phone numbers in unsolicited messages.

1. The phishing campaign targeting Binance users is not only cleverly disguising itself as legitimate text messages, but it also seems to be using data from databases containing phone numbers of individuals who may not be actively using Binance.
2. Binance's Chief Security Officer, Jimmy Su, has highlighted the importance of the Anti-Phishing Code in distinguishing between genuine and fraudulent notifications. Users are advised to check for this code in all SMS messages they receive from Binance.
3. In addition to the Anti-Phishing Code, users are encouraged to directly verify transactions on the official Binance app or website, enable multifactor authentication (MFA), avoid clicking links in SMS messages, never share their credentials, and stay informed about Binance's security alerts and updates to further protect their accounts from phishing attacks.

Read also: