Binance Users Targeted by Sophisticated SMS Phishing Attacks
2min read Binance users are currently facing a wave of targeted SMS phishing attacks, which mimic legitimate alerts from the exchange. These attacks leverage leaked user data to create convincing messages, raising significant concerns over user safety and privacy. The phishing messages often contain alarming notifications about unauthorized activities on users’ accounts, such as changes to two-factor authentication settings, aiming to prompt immediate panic actions from recipients.
One effective phishing strategy involves claiming unexpected reports, such as a new Binance API pairing with Ledger Live, which urges users to contact a number provided in the message. This method bypasses common phishing techniques, pulling victims into the deception. Notably, some users have reported that these fraudulent messages arrive in the same text thread as their authentic Binance notifications, blurring the lines between real and fake communications and leading to further confusion.
Ask Aime: How do Binance users respond to phishing attacks and what is the impact on their trust in the exchange?
The illusion of authenticity is heightened when the phishing texts are sent from the same sender ID that Binance uses for legitimate messages, catching many users off-guard. The context of recent leaks, where approximately 230,000 combined user records from Binance and Gemini were reportedly put up for sale on the dark web, has further compounded these risks. Security analysts argue that these leaks stem from previous phishing attacks rather than any direct database breaches. The attackers behind this scam seem to be utilizing the leaked data, including personal details like names, phone numbers, and email addresses, to craft messages that look convincingly real and could fool even the most cautious users.
Moreover, the structure of these scam texts usually includes an urgent message asking, “not you?”—a tactic designed to spur immediate engagement with the fraudulent contact by prompting users to call instead of clicking any links. In response to the surging incidences of such smishing scams, Binance’s Chief Security Officer, Jimmy su, reached out to clarify the company’s proactive measures. Su stated, “We are aware of smishing scams on the rise… These scams appear to be more authentic…” underscoring the seriousness of the situation.
He elaborated on their recent decision to extend the Anti-Phishing Code to SMS alerts. Initially implemented for email communications, this unique identifier will appear in official Binance SMS messages, making it easier for users to discern legitimate communications from malicious ones. “By incorporating a unique Anti-Phishing code into Binance SMS messages, we are making it significantly harder for scammers to deceive our users,” Su affirmed. This update is crucial, especially as both registered and non-registered users report receiving suspicious messages.
Given that the SMS phishing attacks also target those who may not actively use Binance, it indicates that the attackers might be exploiting comprehensive databases to find potential victims. Users are ultimately encouraged to adopt robust security measures, including confirming any transactional alerts through Binance’s official app or website, utilizing multifactor authentication, and never sharing passwords or sensitive information over the phone. Reporting unsolicited messages to Binance’s customer support for verification is also strongly recommended.
As the landscape of cryptocurrency continues to evolve, so too does the sophistication of phishing scams. Binance’s proactive measures, including the newly implemented Anti-Phishing SMS code, highlight the exchange’s commitment to user security. Users must remain vigilant against these scams and ensure they are using proper verification methods whenever navigating their accounts. Be alert and stay safe in the crypto space.
