Digital pickpockets are phishing for Binance users’ login credentials in a creative spam campaign, Bitdefender Antispam Lab researchers warn.
The campaign, aimed at compromising the accounts of hundreds of thousands of Binance customers, began on Nov. 4 and is still going on, with 99% of the phishing emails originating from IP addresses in Brazil.
Phishers attempt to legitimize their correspondence by claiming to be from:
The perpetrators use a variety of urgent subject lines to make sure recipients pay attention to the email, including:
Recipients are urged to open an attached PDF labeled with a phony case number, then review and confirm the so-called transaction. The enclosed PDF warns users of “technical issues” with the trading platform and claims that all transactions need to be either confirmed or canceled to avoid “asset losses.”
The embedded “click here” button redirects customers to a blank page in their browser, leaving unsuspecting users with no option but to scan the QR code at the bottom of the message.
Scanning the QR code leads recipients to a fake Binance webpage that asks them to enter their phone number. After they enter the number, a second page prompts them to fill in the password for their account.
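A mail-triage heuristic for the traits described above (a message that claims to be from Binance, arrives from an unrelated domain and carries a PDF attachment), as an added example that is not part of Bitdefender's report. The allow-listed domain `binance.com`, the finding labels and the sample messages are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: binance.com and its subdomains are the only legitimate senders.
# A matching From domain is not authentication; SPF/DKIM/DMARC still apply.
LEGIT_DOMAINS = ("binance.com",)


def sender_domain(msg):
    """Domain part of the From address, lower-cased."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def is_legit(domain):
    return any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS)


def pdf_attachments(msg):
    """Filenames of every MIME part that is a PDF by type or by extension."""
    names = []
    for part in msg.walk():
        name = part.get_filename() or ""
        if part.get_content_type() == "application/pdf" or name.lower().endswith(".pdf"):
            names.append(name)
    return names


def triage(msg):
    """Return the findings that match the campaign traits described above."""
    display, _ = parseaddr(str(msg.get("From", "")))
    text = (display + " " + str(msg.get("Subject", ""))).lower()
    findings = []
    if "binance" in text and not is_legit(sender_domain(msg)):
        findings.append("brand-claim-from-foreign-domain")
    if pdf_attachments(msg):
        findings.append("pdf-attachment")
    return findings


def build_sample(from_header, with_pdf):
    """Constructed test message; the addresses and filename are made up."""
    msg = EmailMessage()
    msg["From"] = from_header
    msg["To"] = "user@example.org"
    msg["Subject"] = "Action required on your account"
    msg.set_content("Please review the attached document.")
    if with_pdf:
        msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                           subtype="pdf", filename="case-000000.pdf")
    return msg
```

A message that returns both findings is a candidate for quarantine and for rendering the PDF in a sandbox to inspect any QR code it contains.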
The world’s largest crypto exchange platform by trading volume is no stranger to scams or cyberattacks. In 2019, Binance lost 2% of the company’s total Bitcoin holdings (7,000 Bitcoin worth over $40 million) when attackers stole a large number of user API keys, 2FA codes, and potentially other information. Fast forward to August 2022, when cybercrooks used a deepfake hologram of the company’s chief communications officer to trick crypto community members into participating in online meetings about potential opportunities to list assets on the trading platform.
How to protect against crypto phishing scams: