Binance users targeted in SMS phishing scam using fake security alerts

Phishing scammers have targeted Binance users in a new campaign using text messages. According to reports from users of the exchanges, the scammers are sending messages that look genuine.

Text messages shared by users follow a similar pattern. They call attention to a security issue and require the user to call a number to resolve it. By doing this, they bypass anti-phishing safeguards that detect malicious links but not phone numbers.

Users were getting alerts from various issues including reports of log-in from a different location, adding a new 2-factor authentication device, or connecting to a new hardware wallet.

So far, there has been no report of any victim, but users on X have alerted others about the risks, noting that Binance will never ask its customers to call a number. Meanwhile, one user mentioned that he called the number.

He said:

“New scam @binance …… it came from the same number you text me from aswell. Rang it, spoke to Abdul in Landan, who didn’t like my tone for some reason and hung up. Watch out people.”

Interestingly, several users claim the text messages come from the same sender ID Binance uses for communications, leading to more uncertainty among users about the authenticity of the messages.

Binance says the data leak is not from its systems

Meanwhile, there are speculations about how the scammers got user data. Many believe they bought it from the dark web and are now using it for a targeted campaign. According to one user, an anonymous actor recently offered a database of Gemini and Binance users for sale.

The user claimed that a 2019 leak of Binance Know Your Customer (KYC) data is the source of the database. However, Binance has denied this, noting that it examined the hacker’s data and that the records are not connected to Binance.

Nevertheless, Binance.US has warned users about phishing sites that impersonate its website. A post on X warned that scammers are using lookalike websites to collect user data. It added that users should always confirm the authenticity of the QR code and website link, as it will never request a multi-factor authentication code outside its platform.

Binance CSO warns users about InfoStealers malware

A potential explanation also comes from Binance Chief Security Officer Jimmy Su, who said in a recent post that hackers are gaining access to user data due to malware on user devices and not a breach of Binance systems.

According to him, the bad actors are using malware known as InfoStealers to collect users’ credentials from their browsers. He claimed the malware collects all information saved on browsers, including passwords and clipboard data.

He added that users can unknowingly download the malware through phishing links on social media, unofficial software downloads, and malicious add-ons. Therefore, he advised them to download software only from official sources and avoid saving passwords in browsers.

Su said:

“This is not an isolated case. Our security team continuously monitors dark web sources and malware campaigns to identify potential threats to our users.”

Meanwhile, Binance has now extended an anti-phishing code for SMS to enable users to recognize genuine text messages. The code, which is set by each user, accompanies every authentic text message from the exchange and is reportedly available in all jurisdictions where Binance has a license to operate.