Phishing attackers aim at Binance customers by delivering false security warning text messages as part of their latest scam strategy.
The attackers duplicate official Binance communications to make victims dial numbers instead of clicking links as part of their avoidance technique against link-based security filtering. Under false pretenses, the messages pretend to detect security issues with accounts, including unauthorized logins, changes to two-factor authentication, and new hardware wallet insertions. Many users have observed the texts originate from a sender ID which matches the one Binance normally uses thus generating distrust about their genuineness.
Scammers use social engineering to evade detection
This scam uses telephone communication instead of standard phishing links to deceive users. Because of its design, this method helps scammers bypass detection systems that block dangerous web addresses. Various posts on X reveal identical spam messages, which push users into immediate responses. A user dialing the contact number faced aggression from the operator before receiving a disconnected call.
The user raised concerns because the incoming message came from what appeared to be Binance’s previous official contact number but SMS spoofing or a leak of sender IDs could be the reason for this. Despite the activity, there have been no confirmed reports of stolen funds. However, several users have posted warnings to raise awareness and remind others that Binance does not request users to make phone calls for account issues.
No evidence of data breach from Binance systems
The public has started speculating about the source of user data that scammers acquired. Speculation suggests the scammers acquired user information from dark web sellers since older leaks affected Binance and Gemini platforms. One user speculated that the data came from a 2019 KYC leak although Binance has dismissed this claim because the analyzed information did not come from their platforms. Binance.US has also issued alerts regarding fake websites that mimic the platform to collect user information. Users are advised to verify QR codes and avoid entering sensitive details outside the official Binance site.
Malware infections blamed for data theft
According to Binance Chief Security Officer Jimmy Su there exists another potential explanation. He linked the phishing assaults to InfoStealers malware due to his analysis. These malicious programs can detect stored passwords, copied data, and browser information from user systems. Su warned that users may install the malware unknowingly by clicking phishing links or using unofficial downloads. He advised using trusted sources and cautioned against saving passwords in browsers.Binance has extended its SMS anti-phishing code feature to help users identify genuine alerts.