It is nothing new for criminals to use text messages (SMS) to run cryptocurrency scams. The latest warning about this type of scam came from none other than Binance CEO Changpeng “CZ” Zhao.
CZ warned about a new scam this Friday (4). The trap, according to him, consists of sending messages with a link that requests the cancellation of withdrawals on the platform. However, the link is fake and redirects the user to a website controlled by the scammers.
Once the user is on this site, criminals manage to steal the user's Binance account access data. CZ did not explain what data is stolen, but it is possible that scammers are able to access accounts and steal balances.
“There is a huge SMS phishing scam with a link to cancel withdrawals. It leads to a phishing website that steals your data, as in the screenshot below. Never click on SMS links! Always go to http://binance.com via a bookmark or type it in (the address),” warned CZ.
Authentication risk
Phishing is the name given to any type of telecommunication fraud that uses social engineering tricks to obtain victims’ private data. In the Binance example, criminals use SMS to impersonate the exchange and try to steal customer data.
This is because most customers use SMS to perform two-factor authentication (2FA), which is an additional layer of security. However, if a hacker has access via SMS, he can bypass 2FA or even use it to access the account without the user knowing.
In September 2021, Binance users had already reported a phishing attempt through SIM card cloning, as reported by CriptoFácil. With the cloned SIM card, hackers were able to bypass 2FA and make withdrawals from user accounts. The process worked like this:
- the chip (in all cases, belonging to the operator Claro) stopped working;
- the chip was cloned;
- hackers access Binance and ask to reset the password;
- with the cloned chip, hackers are able to receive the code by e-mail and on the cell phone;
- the hacker logs into your Binance account with the new password and creates an API key;
- waits for the release time and requests the withdrawal, without needing SMS or email confirmation because of the API key.
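The sequence above (password reset, then a new API key, then a withdrawal through that key) can be watched for in account event logs. The following is an added example, not code from the article or from Binance; the event names, fields, sample data and one-hour window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events: (account, ISO timestamp, event type, detail).
# Event names and fields are hypothetical, not a Binance log format.
EVENTS = [
    ("alice", "2021-09-10T08:00:00", "password_reset", "sms+email"),
    ("alice", "2021-09-10T08:05:00", "login", "new_device"),
    ("alice", "2021-09-10T08:07:00", "api_key_created", "key-1"),
    ("alice", "2021-09-11T09:00:00", "withdrawal", "key-1"),
    ("bob",   "2021-09-10T10:00:00", "password_reset", "sms+email"),
    ("bob",   "2021-09-10T10:02:00", "login", "known_device"),
    ("carol", "2021-08-01T12:00:00", "api_key_created", "key-9"),
    ("carol", "2021-09-10T12:00:00", "withdrawal", "key-9"),
]

RESET_TO_KEY_WINDOW = timedelta(hours=1)  # assumed threshold


def detect_reset_then_api_key(events, window=RESET_TO_KEY_WINDOW):
    """Return {account: severity} for reset -> new API key -> withdrawal chains."""
    last_reset = {}    # account -> time of most recent password reset
    suspect_keys = {}  # (account, key id) -> creation time, if made soon after a reset
    findings = {}
    # Timestamps share one ISO format, so string order equals time order.
    for account, ts, kind, detail in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if kind == "password_reset":
            last_reset[account] = when
        elif kind == "api_key_created":
            reset = last_reset.get(account)
            if reset is not None and when - reset <= window:
                suspect_keys[(account, detail)] = when
                findings[account] = "review"  # alert before any funds move
        elif kind == "withdrawal" and (account, detail) in suspect_keys:
            findings[account] = "critical"  # the suspect key was used to withdraw
    return findings


if __name__ == "__main__":
    for account, severity in detect_reset_then_api_key(EVENTS).items():
        print(account, severity)
```

Because the withdrawal only comes after the release time, the "review" finding at key creation gives the account owner or the platform a chance to revoke the key before it is used.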
Binance highlights security measures
In both cases, the responsibility for the attacks did not lie with Binance, as the hackers send the SMS directly to cell phones. Thus, the user needs to be careful and create security measures to avoid this type of scam.
The first one is simple: never click on any link sent by SMS from a suspicious source. The scam starts from the moment the link is opened, so not clicking is the biggest protection against attacks.
Mayra Siqueira, general manager of Binance in Brazil, spoke to CriptoFácil about the case. She stressed that the exchange takes constant steps to protect its users.
“Security is the number one priority at Binance. We invest countless hours and resources to ensure our platform stays secure, including incorporating data analytics and AI technology to help us prevent attacks.”
Second, avoid using SMS or email to activate 2FA, as these can be hacked. Instead, prefer apps like Authy or Google Authenticator. Another option is to use a physical 2FA device such as KeyID or YubiKey, which are not in contact with the internet.