New SMS Scam Targeting Binance Users: How to Stay Safe

The Australian Federal Police (AFP) have issued a series of urgent alerts to Australians regarding a sophisticated new text message scam that targets cryptocurrency users. This scam has the ability to completely spoof sender IDs, making it even more challenging for victims to identify fraudulent communications.

Understanding the Scam

Recently, the AFP reported that over 130 individuals have been targeted by this new scam, which involves messages that mimic the sender ID of legitimate cryptocurrency exchanges, particularly Binance. The fraudsters send messages through both standard text and encrypted messaging platforms, impersonating representatives from Binance. These messages typically inform users of a supposed breach in their crypto accounts and instruct them to set up a new wallet.

According to a statement released by the AFP on March 21, “The messages allegedly contained fake verification codes and were often ‘spoofed,’ meaning they appeared in a legitimate existing message thread from the well-known cryptocurrency exchange.” This tactic makes it difficult for users to discern between genuine communications and scams.

How the Scam Works

The scam operates by sending a message that appears to come from Binance, complete with a support phone number. When victims call this number, they are instructed to protect their accounts by transferring their cryptocurrency to a so-called ‘trust wallet,’ which is actually controlled by the scammers. This allows the fraudsters to steal the victims’ assets.

Online text messaging services enable messages to be sent from a Sender ID, such as a company name, rather than a phone number. This feature can be exploited to spoof text messages, as reported by the Australian Broadcasting Corporation on March 1, 2019. Once a phone receives the fraudulent communication, it is grouped based on the Sender ID, appearing in the same thread as other messages with the same ID. This grouping further complicates the victim’s ability to identify the scam.

Challenges in Recovery

AFP Commander Cybercrime Operations Graeme Marshall highlighted the difficulties in recovering stolen funds. Once the cryptocurrency is transferred to the scammer’s wallet, it is quickly moved through a network of wallets, making seizure or recovery nearly impossible. This method of operation is reminiscent of previous scams where fraudulent emails impersonated other cryptocurrency exchanges, such as Coinbase and Gemini, attempting to trick users into setting up new wallets using pre-generated recovery phrases controlled by the scammers.

Identifying Red Flags

The AFP has outlined several red flags that can help users identify this type of scam:

Unsolicited contact from someone claiming to be from Binance regarding an account breach.
Pressure to act quickly without proper verification.
Requests for sensitive information or cryptocurrency transfers.

Expert Advice from Binance

Binance Chief Security Officer Jimmy Su emphasized the importance of verifying communications. In the AFP statement, he noted that scammers are exploiting certain telecom loopholes to manipulate sender names and phone numbers. Su advises users to utilize Binance’s official tools to confirm the legitimacy of any communication. If there is any doubt, he recommends stopping and verifying through official sources, such as the contact information available on the official Binance website.

Government Response to SMS Scams

In response to the rising threat of SMS scams, the Australian government has announced plans for an SMS Sender ID Register and an enforceable industry standard aimed at curbing similar fraudulent activities. This initiative is particularly relevant given that high-profile companies, including Australian airline Qantas and tech giant Apple, have also been targeted by scammers in the past.

Under the proposed standard, telecom companies will be required to verify that messages sent under a brand name correspond with a legitimate registered sender. They will also need to submit and provide their legitimate Sender IDs for the register. The SMS Sender ID Register is set to launch in late 2025, with a pilot program operating as a stopgap measure in the meantime, according to Australia’s Minister for Communications, Michelle Rowland.

Statistics on Cryptocurrency Scams

In August of last year, the AFP revealed that a staggering total of 382 million Australian dollars (approximately $269 million) had been lost to cryptocurrency scams. This alarming figure underscores the need for increased awareness and vigilance among cryptocurrency users.

Conclusion: Staying Safe in the Crypto Space

As cryptocurrency continues to gain popularity, so too do the tactics employed by scammers. It is crucial for users to remain vigilant and informed about the potential risks associated with cryptocurrency transactions. By recognizing the signs of a scam and taking proactive measures to verify communications, individuals can better protect themselves from falling victim to these sophisticated fraud schemes.