21.01.2025 - Recently we have seen an increase in calls from purported banks about alleged security problems or fake invoices from various service providers. What is special about these cases is that the victims are not tricked into clicking on a link, but into calling a number. Phone calls allow scammers to better engage with victims and keep them on the line – this extra effort is likely to be worthwhile as it increases the scammers’ chances of success. Last week, the crypto trading platform Binance was the focus of scam attempts.

Scammers now use all channels available to them for phishing scams. In particular, phishing by telephone has recently become more common. Last week, a phishing attempt in the name of the cryptocurrency exchange Binance attracted particular attention. The attackers used various stories to try to get the victim to call them.
In one case, the victim received an SMS claiming that their passkey had been reset and that if it wasn't them, they should call Binance. A Swiss phone number was provided.
In another version of the scam, victims receive an SMS claiming that a new smart contract or device has been added to their account. Again, they are asked to call the number provided if this was not them.
If you fall for the scam and call the number provided, you will be asked for your name and account balance. The callers also want to know if you have any other crypto accounts. They will then tell you that because your current account has allegedly been hacked, you need to open a new, secure crypto wallet and transfer all your crypto assets to it. What they don't tell you is that they will be able to access this new account or wallet, and move your money wherever they want.
Scammers make it look like their text messages are coming from the real Binance phone number. Because the messages appear in the same SMS folder on your phone as legitimate Binance messages, it is very difficult to tell that they are fraudulent. Interestingly, most of the messages are addressed to people who actually have an account with Binance: in virtually all cases reported to us, the victims had also received legitimate SMS messages from Binance before they were scammed. So it would seem that the attackers are taking a very targeted approach in these cases. But how did they get the information? There are several possibilities.
Was there a data breach?
There have been rumours in the past that Binance has been the victim of a data breach, which Binance has always denied. There is also no evidence on the Have I Been Pwned website that such a breach has occurred.
A trick with the login window?
There are other ways to find out which phone numbers are associated with Binance accounts – for example via the login window. If you attempt to log in to Binance with a phone number that is not associated with an account, you will receive an error message. This does not happen if a corresponding Binance account exists – instead, two-factor authentication is triggered and an SMS is sent to the account holder. Scammers can therefore easily check if you have a Binance account by entering your number in the login window. In fact, some of the scam victims recall receiving a two-factor authentication SMS from Binance some time ago. This security risk is precisely the reason why many companies do not display such error messages.
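For operators of login forms, the difference between a response that reveals account existence and one that does not can be shown in a few lines. This is an added example, not Binance's code or code from this report; the handler names, sample phone numbers and the attempt limit are assumptions.

```python
from collections import defaultdict

ACCOUNTS = {"+41790000001"}   # constructed sample data: numbers with an account
MAX_ATTEMPTS = 5              # assumed per-client limit on login attempts
_attempts = defaultdict(int)  # attempts seen per client (e.g. per IP or session)
sms_outbox = []               # stands in for the SMS gateway


def login_leaky(number):
    """Behaviour described above: unknown numbers get a distinct error."""
    if number not in ACCOUNTS:
        return (404, "No account is registered with this number")
    sms_outbox.append(number)
    return (200, "Enter the code sent by SMS")


def login_uniform(number, client_id):
    """Hardened form: identical answer for every number, plus throttling."""
    _attempts[client_id] += 1
    if _attempts[client_id] > MAX_ATTEMPTS:
        # The limit applies whether or not the number exists.
        return (429, "Too many attempts, try again later")
    if number in ACCOUNTS:
        sms_outbox.append(number)  # only real account holders get an SMS
    return (200, "If this number is registered, a code has been sent by SMS")


def leaks_existence(handler, known, unknown):
    """Regression check: can a caller tell a registered number from an
    unregistered one by comparing the responses?"""
    return handler(known) != handler(unknown)


if __name__ == "__main__":
    known, unknown = "+41790000001", "+41790000099"  # constructed numbers
    print("leaky form leaks:  ", leaks_existence(login_leaky, known, unknown))
    print("uniform form leaks:",
          leaks_existence(lambda n: login_uniform(n, "demo"), known, unknown))
```

The same comparison should also cover response time and any follow-up screens, since a difference there reveals the same information as a different message.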
Or a fake competition?
In some cases, victims recall receiving an SMS purporting to be from Binance about a supposed prize draw some time before they were scammed. Victims were tricked into believing they had won something and should provide their contact details to claim it. This may have been a way for scammers to identify phone numbers associated with Binance accounts.
Whatever approach the scammers use, it is important not to be alarmed by such text messages and to react calmly.
Recommendations
- Never call phone numbers you have received by email or SMS.
- If in doubt, go to the company's official website and call the phone number provided there.
- If you are not sure who a phone number belongs to, find out who the owner is before you call.
- Do not allow anyone to remotely access your devices.
Last modification 21.01.2025