Cryptocurrency exchange Binance has been warning investors this past week of a large-scale phishing campaign. Scammers are sending SMS messages to crypto users, informing them of a withdrawal request from an unknown IP address — which they understandably may wish to cancel. Binance CEO, Changpeng Zhao, recently stated in a tweet that:

“There is a massive phishing scam via SMS with a link to cancel withdrawals. It leads to a phishing website to harvest your credential […] NEVER click on links from SMS! Always go to Binance.com via a bookmark or type it in.”

For your reference, see the phishing page below (note the number sequence in its URL, one of several flags).

Would-be victims have also taken to Reddit to share screenshots and relay how each phishing attempt played out. (Source: Reddit)

Content

• [Binance] Withdrawl code: 342819. If this was not generated by you, please click here: https://cancel8745200-binance-com[.]web[.]app
• [BINANCE] New login? Confirm: https://cancel8499204-binance-com[.]web[.]app
• [Binance] Withdrawal code: 299383. Don’t disclose this to anyone. To cancel, visit: {URL}

How to Protect Yourself

• Double-check the sender’s email address — does that align with the company/brand?
• Change your passwords immediately if you find your email appeared in any data leaks.
• Always go to the official website/application instead of using links from unknown sources. Use Trend Micro Check  to surf the web safely (it’s free!).

As ever, if you’ve found this article an interesting and/or helpful read, please do SHARE with friends and family to help keep the online community secure and protected. While you’re at it, check our Trend Micro Maximum Security below too!