Digital pickpockets are phishing for Binance users’ login credentials in a creative spam campaign, Bitdefender Antispam Lab researchers warn.
The campaign, aimed at compromising the accounts of hundreds of thousands of Binance customers, began on Nov. 4 and is still going on, with 99% of the phishing emails originating from IP addresses in Brazil.
Phishers attempt to legitimize their correspondence by claiming to be from:
- @Binance Support
- @Support Smart Chain
- B inance Exchange
- Binance Ticket
- [Binance] Exchange
The perpetrators use a variety of urgent subject lines to make sure recipients pay attention to the email, including:
- Abnormal withdrawal check
- Check this urgent transaction
- Pending withdrawal on asset losses
- Suspicious withdrawal check immediately
- We need you to verify this withdrawal
- Withdrawal blocked by security
- Your withdrawal is under review – 384920A8
Recipients are urged to check an attached pdf labeled with a phony case number and review and confirm the so-called transaction. The enclosed pdf file warns users of “technical issues” with the trading platform and that all transactions need to either be confirmed or canceled to avoid “asset losses.”
The embedded “click here” button redirects customers to a blank page in their browser, leaving unsuspecting users with no option but to scan the QR code at the bottom of the message.
Scanning the QR code will lead recipients to a fake Binance webpage asking them to enter their phone number. After entering the number, a second page prompts users to fill in the password for their account.
The world’s largest crypto exchange platform by trading volume is no stranger to scams or cyberattacks. In 2019, Binance lost 2% (7,000 Bitcoin worth over $40 million) of the company’s total Bitcoin holdings when attackers stole a large number of user API keys, 2FA codes, and potentially other information. Fast forward, to August of 2022, cybercrooks used a deepfake hologram of the company’s chief communications officer to trick crypto community members into participating in online meetings about potential opportunities to list assets on the trading platform.
How to protect against crypto phishing scams:
- Scrutinize all unsolicited correspondence about your crypto assets, especially if it warns of suspicious activity or transactions
- Check the sender’s email address and look for typos
- Don’t click on any embedded link or, as in this case, scan any QR codes. Head to the official website instead to check for suspicious transactions
- Report any phishing attempts directly to the crypto platform
- Hover over links and verify the URLs before you to update your info or sensitive information
- Use security tools that provide real-time protection against all e-threats, as well as anti-phishing and anti-fraud modules that detect and block scam websites
- Real-time protection against cyberthreats (trojans, worms, viruses, zero-day, ransomware, spyware, rootkits, exploits)
- Anti-phishing module that detects and blocks sites that purport to be legitimate to steal your credentials or assets
- Anti-fraud filtering system that notifies you about potential website scams
- Password Manager and Premium VPN
- Cross-platform protection on Windows, Android, iOS and macOS
- Identity theft protection, depending on your location and chosen plan