Binance
customers may have received an SMS last week encouraging them to participate in
a new lottery to win up to 100 EUR in cryptocurrencies.

Although
these texts appeared in threads with official announcements from the exchange,
they turned out to be scams. The platform is aware of such phishing attempts
but admits it is powerless to stop them.

At the end
of last week, Binance customers received SMS messages about winning in the
“Binance Mystery Box.” The texts informed that up to €100 in
tokens were available for claiming and that the offer was expiring on the same
day.

There is
confirmed evidence that Binance’s clients located in Poland received fraudulent
SMS messages attempting to steal their account information. Multiple Polish
Binance users, in discussions with Finance Magnates, validated that they
had personally received these phishing texts.

The
screenshot below shows a suspicious SMS that appeared in the same thread as
other messages delivered by Binance regarding login codes or account
verification processes.

The article continues under the screenshot:

Fake Binance SMS

Furthermore,
posts on social media document the receipt of fraudulent offers. Some comments
even suggested there might have been a potential data leak concerning phone
numbers, although the exchange claims no such infringement occurred.

Finance
Magnates
asked the Polish branch of Binance to comment on this matter. The company
said that to eliminate SMS security loopholes, modifying the entire GSM
technology system would be necessary, which “seems unrealistic” to the
company.

When we
asked a local cryptocurrency expert about encountering such scams in Poland, he
mentioned that he had never experienced these fraudulent SMS messages locally.
However, he noted that this scam is frequently seen in other countries.

The Origin of the Fake SMS
Scam

In response
to Finance Magnates, Binance explained that the GSM system, which SMS
messages operate on, allows the sender to fill in the “sender name”
field arbitrarily. Standard SMS applications and tools typically insert the
sender’s phone number in this field. However, entities like companies often
replace the phone number with a textual name, such as “Binance.”

“The
problem is that operators do not verify whether the sender sending the SMS is
legally authorized to use such a name, allowing fraudsters to use the same
name. As a result, a scam SMS has the same ‘sender name’ as legitimate SMS
messages from Binance, leading the recipient’s phone to attach this SMS to the
message history from Binance,” Binance Poland commented in Polish,
auto-translated to English.

Binance
added that Poland recently introduced regulations to reduce the prevalence of
this exploit, at least to some extent. This is enabled by registering sender
names and assigning them to specific entities by telecommunications operators.

“To
eliminate this security loophole in SMS, the entire world would have to modify
this technology, which seems unrealistic,” Binance Poland concluded in the
statement in Polish, auto-translated to English.

Phishing and Pig Butchering

This strategy is a typical phishing attempt aimed at extracting data from customers of popular cryptocurrency exchanges. Several months ago, Binance users from Hong Kong fell victim to this, losing nearly $500,000. In that case, the scam was even more sophisticated. Individuals posing as representatives of Binance contacted users, calling to perform a supposed account verification.

Binance, along with other exchanges, has recently been alerting about the growing popularity of an investment scam called “pig butchering,” which may be indirectly linked to phishing. The name refers to the practice of fattening a pig before slaughter. Victims are gradually lured into contributing more money into fraudulent crypto investments before ultimately being defrauded.

Binance
customers may have received an SMS last week encouraging them to participate in
a new lottery to win up to 100 EUR in cryptocurrencies.

Although
these texts appeared in threads with official announcements from the exchange,
they turned out to be scams. The platform is aware of such phishing attempts
but admits it is powerless to stop them.

At the end
of last week, Binance customers received SMS messages about winning in the
“Binance Mystery Box.” The texts informed that up to €100 in
tokens were available for claiming and that the offer was expiring on the same
day.

There is
confirmed evidence that Binance’s clients located in Poland received fraudulent
SMS messages attempting to steal their account information. Multiple Polish
Binance users, in discussions with Finance Magnates, validated that they
had personally received these phishing texts.

The
screenshot below shows a suspicious SMS that appeared in the same thread as
other messages delivered by Binance regarding login codes or account
verification processes.

The article continues under the screenshot:

Fake Binance SMS

Furthermore,
posts on social media document the receipt of fraudulent offers. Some comments
even suggested there might have been a potential data leak concerning phone
numbers, although the exchange claims no such infringement occurred.

Finance
Magnates
asked the Polish branch of Binance to comment on this matter. The company
said that to eliminate SMS security loopholes, modifying the entire GSM
technology system would be necessary, which “seems unrealistic” to the
company.

When we
asked a local cryptocurrency expert about encountering such scams in Poland, he
mentioned that he had never experienced these fraudulent SMS messages locally.
However, he noted that this scam is frequently seen in other countries.

The Origin of the Fake SMS
Scam

In response
to Finance Magnates, Binance explained that the GSM system, which SMS
messages operate on, allows the sender to fill in the “sender name”
field arbitrarily. Standard SMS applications and tools typically insert the
sender’s phone number in this field. However, entities like companies often
replace the phone number with a textual name, such as “Binance.”

“The
problem is that operators do not verify whether the sender sending the SMS is
legally authorized to use such a name, allowing fraudsters to use the same
name. As a result, a scam SMS has the same ‘sender name’ as legitimate SMS
messages from Binance, leading the recipient’s phone to attach this SMS to the
message history from Binance,” Binance Poland commented in Polish,
auto-translated to English.

Binance
added that Poland recently introduced regulations to reduce the prevalence of
this exploit, at least to some extent. This is enabled by registering sender
names and assigning them to specific entities by telecommunications operators.

“To
eliminate this security loophole in SMS, the entire world would have to modify
this technology, which seems unrealistic,” Binance Poland concluded in the
statement in Polish, auto-translated to English.

Phishing and Pig Butchering

This strategy is a typical phishing attempt aimed at extracting data from customers of popular cryptocurrency exchanges. Several months ago, Binance users from Hong Kong fell victim to this, losing nearly $500,000. In that case, the scam was even more sophisticated. Individuals posing as representatives of Binance contacted users, calling to perform a supposed account verification.

Binance, along with other exchanges, has recently been alerting about the growing popularity of an investment scam called “pig butchering,” which may be indirectly linked to phishing. The name refers to the practice of fattening a pig before slaughter. Victims are gradually lured into contributing more money into fraudulent crypto investments before ultimately being defrauded.





Source link