Cryptocurrency exchange Binance has been warning investors this past week of a large-scale phishing campaign. Scammers are sending SMS messages to crypto users, informing them of a withdrawal request from an unknown IP address — which they understandably may wish to cancel. Binance CEO, Changpeng Zhao, recently stated in a tweet that:
“There is a massive phishing scam via SMS with a link to cancel withdrawals. It leads to a phishing website to harvest your credential […] NEVER click on links from SMS! Always go to Binance.com via a bookmark or type it in.”
For your reference, see the phishing page below (note the number sequence in its URL, one of several flags).
Would-be victims have also taken to Reddit to share screenshots and relay how each phishing attempt played out. (Source: Reddit)
Content
- [Binance] Withdrawl code: 342819. If this was not generated by you, please click here: https://cancel8745200-binance-com[.]web[.]app
- [BINANCE] New login? Confirm: https://cancel8499204-binance-com[.]web[.]app
- [Binance] Withdrawal code: 299383. Don’t disclose this to anyone. To cancel, visit: {URL}
How to Protect Yourself
- Double-check the sender’s email address — does that align with the company/brand?
- Change your passwords immediately if you find your email appeared in any data leaks.
- Always go to the official website/application instead of using links from unknown sources. Use
Trend Micro Check
to surf the…
