The cryptocurrency exchange Binance has announced on the social media platform X that they are taking measures to ensure the safety of users' assets and combat fraudulent activities. As part of this, Binance plans to deploy a new security feature to help users verify the authenticity of text messages (SMS).
This announcement comes after the rise of a new form of SMS phishing scam targeting Binance users. Fraudulent messages have appeared alongside official SMS notifications from the platform. It is believed that the scammers may have impersonated the official SMS sender or exploited vulnerabilities in the SMS gateway, or even collaborated with malicious SMS providers to spoof the sender number.
How Do Fake SMS Phishing Scams Work?
The SMS spoofing attacks primarily rely on psychological manipulation. In these cases, the scammers impersonate a trustworthy source to trick the victim into sharing sensitive information, such as wallet details or making a transfer.
One victim shared their experience of receiving a suspicious SMS message from the Binance phone number they usually receive verification codes from. The message falsely claimed that their Binance account was being accessed from North Korea, causing the victim to panic, especially after the recent hack targeting the Bybit cryptocurrency exchange. Acting hastily without due consideration, the victim called the number provided in the message.
A person with a British accent answered the call and guided the victim to set up a SafePal wallet, claiming it was a Binance partner and providing a blog post as evidence. The scammer then proceeded to inquire about the victim's account assets, ultimately coercing them to transfer all their funds for "investigative purposes."
Following the instructions, the victim set up the wallet and began withdrawing funds from their Binance account. However, they eventually became suspicious. After consulting a trusted contact at Binance, they realized they had fallen victim to a scam.
How to Identify Fake SMS Phishing Scams?
In addition to the announcement about the new security feature, Binance also provided guidance to help users protect their assets from scams. The exchange recommends that users always verify the source of any message before responding. If you receive an unsolicited or suspicious message, be especially cautious.
How to verify Binance messages:
- Users can verify Binance-related messages using the Binance Verify tool or by sending a screenshot of the message to the Binance support team.
- For other platforms, directly contact the official website or trusted communication channels.
Important security measures:
- Enable two-factor authentication (2FA): This additional layer of protection guards against attacks, including SMS spoofing. Users should enable 2FA wherever possible and only enter 2FA codes on official websites.
- Carefully check message content: Ensure the message aligns with the action you intend to take, without any discrepancies.
- Do not share sensitive personal information: Do not provide passwords, credit card numbers, social security numbers, or other personal documents via messages, especially to unverified contacts.
Important note about links in messages:
- Do not click on any links received via messages without verifying their legitimacy. These links may lead to phishing websites aimed at stealing login credentials or installing malware.
- Always check the URL before accessing and avoid websites without a secure encryption icon (e.g., use HTTPS, not HTTP).
- To verify the authenticity of any links, emails, phone numbers, WeChat, Twitter, or Telegram accounts related to Binance, users can use the Binance Verify tool.
In summary, Binance is enhancing security and implementing a new feature to help users verify SMS messages. Users need to be vigilant against increasingly sophisticated scams and take measures to protect their accounts.
