3 min read

Crypto Users Beware: Scammers impersonate Binance in QR code phishing email scam spotted by Bitdefender Antispam Lab

Alina BÎZGĂ

November 18, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Crypto Users Beware: Scammers impersonate Binance in QR code phishing email scam spotted by Bitdefender Antispam Lab

Digital pickpockets are phishing for Binance users’ login credentials in a creative spam campaign, Bitdefender Antispam Lab researchers warn.

The campaign, aimed at compromising the accounts of hundreds of thousands of Binance customers, began on Nov. 4 and is still going on, with 99% of the phishing emails originating from IP addresses in Brazil.

Phishers attempt to legitimize their correspondence by claiming to be from:

  • @Binance Support
  • @Support Smart Chain
  • B inance Exchange
  • Binance Ticket
  • [Binance] Exchange

The perpetrators use a variety of urgent subject lines to make sure recipients pay attention to the email, including:

  • Abnormal withdrawal check
  • Check this urgent transaction
  • Pending withdrawal on asset losses
  • Suspicious withdrawal check immediately
  • We need you to verify this withdrawal
  • Withdrawal blocked by security
  • Your withdrawal is under review - 384920A8

Recipients are urged to check an attached pdf labeled with a phony case number and review and confirm the so-called transaction. The enclosed pdf file warns users of “technical issues” with the trading platform and that all transactions need to either be confirmed or canceled to avoid “asset losses.”

The embedded “click here” button redirects customers to a blank page in their browser, leaving unsuspecting users with no option but to scan the QR code at the bottom of the message.

Scanning the QR code will lead recipients to a fake Binance webpage asking them to enter their phone number. After entering the number, a second page prompts users to fill in the password for their account.

The world’s largest crypto exchange platform by trading volume is no stranger to scams or cyberattacks. In 2019, Binance lost 2% (7,000 Bitcoin worth over $40 million) of the company's total Bitcoin holdings when attackers stole a large number of user API keys, 2FA codes, and potentially other information. Fast forward, to August of 2022, cybercrooks used a deepfake hologram of the company’s chief communications officer to trick crypto community members into participating in online meetings about potential opportunities to list assets on the trading platform.

How to protect against crypto phishing scams:

  • Scrutinize all unsolicited correspondence about your crypto assets, especially if it warns of suspicious activity or transactions
  • Check the sender’s email address and look for typos
  • Don’t click on any embedded link or, as in this case, scan any QR codes. Head to the official website instead to check for suspicious transactions
  • Report any phishing attempts directly to the crypto platform
  • Hover over links and verify the URLs before you to update your info or sensitive information
  • Use security tools that provide real-time protection against all e-threats, as well as anti-phishing and anti-fraud modules that detect and block scam websites

Dedicated software solutions such as Bitdefender Ultimate Security (US only) and Bitdefender Premium Security can help you fend off scamming attempts, with features like:

  • Real-time protection against cyberthreats (trojans, worms, viruses, zero-day, ransomware, spyware, rootkits, exploits)
  • Anti-phishing module that detects and blocks sites that purport to be legitimate to steal your credentials or assets
  • Anti-fraud filtering system that notifies you about potential website scams
  • Password Manager and Premium VPN
  • Cross-platform protection on Windows, Android, iOS and macOS
  • Identity theft protection, depending on your location and chosen plan

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

FIFA World Cup 2022: Scammers phish for personal data and Microsoft login credentials, Bitdefender Antispam Lab warns FIFA World Cup 2022: Scammers phish for personal data and Microsoft login credentials, Bitdefender Antispam Lab warns
Alina BÎZGĂ

November 23, 2022

3 min read
Crypto Users Beware: Scammers impersonate Binance in QR code phishing email scam spotted by Bitdefender Antispam Lab Crypto Users Beware: Scammers impersonate Binance in QR code phishing email scam spotted by Bitdefender Antispam Lab
Alina BÎZGĂ

November 18, 2022

3 min read
Cybercrooks Leverage Death of Queen Elizabeth II to Steal Users’ Microsoft Credentials Cybercrooks Leverage Death of Queen Elizabeth II to Steal Users’ Microsoft Credentials
Alina BÎZGĂ

September 15, 2022

2 min read