Phishing And Scams, How to Secure Your Binance Account.
Phishing is a type of social engineering where an attacker sends a fraudulent (“spoofed”) message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim.
Most phishing messages are delivered by email, and are not personalized or targeted to a specific individual or company–this is termed “bulk” phishing. The content of a bulk phishing message varies widely depending on the goal of the attacker–common targets for impersonation include banks and financial services, email and cloud productivity providers, and streaming services. Attackers may use the credentials obtained to directly steal money from a victim, although compromised accounts are often used instead as a jumping-off point to perform other attacks, such as the theft of proprietary information, the installation of malware, or the spear-phishing of other people within the target’s organization. Compromised streaming service accounts are usually sold directly to consumers on darknet markets.
Common Scams and External Threats on Binance Accounts.
1. Impersonating Binance staff.
Scammers create very similar and impersonating social media accounts of Binance Angels and staff, then they claim to offer some sort of help or a very enticing offer or announcement. Scammers might impersonate the Binance Customer Service team and contact you outside of our official channels. Please note that Binance Support staff will never ask you to reveal any sensitive information or send money to any address for any reason.
If you suspect that you are chatting with a scammer, please report your case to our Security Team Agent immediately.
2. Phishing attack.
Before text and verification scams ravaged the cryptocurrency industry, phishing scams were the most popular option used by scammers. All they have to do is trick people into clicking a corrupt link. Typically, phishing scammers send an email from a fake address that looks just like the official Binance email. They might ask you to update your password to continue using your Binance account, log in to claim a reward, or just write any message that will tempt you into logging into your account.
Typically, phishing scams are sent via email, however, some Malaysian hackers will use text messages. They’ll send a misleading message along with a link to log in to your account. This link will redirect you to a fake website that looks just like Binance. As soon as you fill in your login details, the hackers will have everything they need to take control of your account.
3. Account Blocking Scam
Binance users have also reported experiences with scammers who claim to be law enforcement agents or even Binance staff. These scammers send a text message with a threat, claiming your account will be permanently banned if you don’t follow their instructions. After the text message is sent, the user receives a telephone call requesting the code on the text message.
The scammers can also claim that your account has already been blocked and a Binance staff will contact you via WhatsApp to help resolve the issue. In any case, don’t follow their instructions or you’ll lose all your funds.
4. The QR Code Scam
This is another version of the account-blocking scam. This scam involves a QR code through WhatsApp along with a message stating your account is under investigation or has been blocked due to suspicious activity. Like most of the common scams, they’ll contact you as a fake Binance staff member on WhatsApp.
You’ll receive a WhatsApp message prompting you to verify your account. The scammer will also send a QR code with instructions on how to scan and send the code to reboot your account. As soon as you do this, the scammer gains access to your account and clears your funds.
5. Verification Code Scams
The verification scam is one of the most common scams in the financial sector. Over the years, this scam has become dominant in Malaysia’s crypto scene. Traditionally, security measures like 2-factor authentication and one-time verification codes make it challenging for scammers to withdraw a user’s funds from Binance, even when they have their login details.
Scammers who successfully log in to a user’s Binance account may be able to initiate a withdrawal request. However, they will be unable to get the cash until they input the verification code. Once the code is sent directly to the user’s phone number, the hacker impersonates a Binance staff member on WhatsApp and will try to convince you to give the code. . They may claim that the code is needed to secure your account.
Protecting Your Binance Account With Few Easy Steps.
- Using a Strong And Secure Password.
Having a strong password is an excellent first step, but it doesn’t mean you’re set forever. It’s also good practice to change your passwords regularly, as attackers may have ways to obtain your passwords regardless. This is not only true for your Binance account, but also for your email associated with your Binance account.
While we’re at your email, here’s another point to consider — it’s beneficial to use different email addresses for different accounts. This way, you can mitigate some of the potentially detrimental effects of data breaches. Especially if you’re using an old email account, there’s a high chance that it has been part of a breach in the past. However, if you’re using dedicated email addresses for each service, there’s a smaller chance that a breach will affect multiple of your accounts. The website Have I Been Pwned is a great resource to check if any of your accounts were ever the victim of a data breach.
Please note that once you change the password of your Binance account, you won’t be able to withdraw funds in the following 24 hours. This is to prevent potential attackers from locking you out of your account while withdrawing your funds.
2. Enable Two-Factor Authentication (2FA).
Activating Two-Factor Authentication (2FA) should be among the first things you do after creating a Binance account. Binance supports two types of 2FA: SMS and Google Authentication. Out of these two, we recommend Google Authenticator. Just make sure to write down your reset key in case you need to transfer your 2FA codes to a new mobile phone.
To be properly protected by 2FA, your account must require at least 2 locks before granting access. Binance offers various 2FA verification methods:
- Security Key (e.g., YubiKey)
- Binance Authenticator
- Google Authenticator
- Mobile phone (SMS)
Steps on how to completely set up your 2FA are in the link above, or better still, click here.
3. Learn about phishing.
Phishing is a type of attack where a malicious actor tries to pose as someone else (for example, a business) to obtain your personal information. It’s one of the most common attacks out there, and you should be wary of it.
As a general rule of thumb, it’s best to only visit Binance from a saved bookmark instead of typing the address each time. If you haven’t already, feel free to bookmark the link right now: https://www.binance.com With this simple step, you can already avoid a good chunk of the fake Binance websites that aim to trick you into getting access to your account information.
The Anti-Phishing Code feature allows you to set a unique code to be included in all your Binance notification emails. By enabling the Anti-Phishing code, you’ll be able to tell if the notification emails you’re receiving from Binance are genuine.
If you’re reading the above article and it feels all new and strange, that’s probably because you don’t have a binance account already, you can sign up for a binance account here, and win $100 sign up bonus to start your trading!
To get started on Binance futures, you can create a Binance futures account and start trading .
Always remember to keep your account safe and secured at all times, if you are confused about any of these steps, you can go through them again, or better still, click here.
Happy Trading! WGMI!
