Key takeaways

  • Social engineering is a category of manipulative strategies used by cybercriminals that involve exploiting human psychology, often through emails (phishing), phone calls or direct messages, in order to extract money to their victims.

  • Digital footprints can reveal sensitive information that criminals use to target individuals with social engineering techniques, making management and control of personal information essential to mitigate potential risks.

  • Binance and its users have an important role to play in combating social engineering scams. Users should educate themselves about potential threats and exercise vigilance, while Binance's contribution to this fight lies in continually improving security measures and working with law enforcement to stem threats. scams at the source.

  • If you receive a random direct message from someone claiming to be from Binance, it's likely a scam. Never share your BUID or personal information with others, and only use the official customer service chat link through the Binance app or website.

Here's how you can help fight social engineering scams, protect yourself, and help the Binance community.

With social engineering scams on the rise in the cryptocurrency space, it is essential that we consider all the roles we must play. Countering this threat is an essential part of risk management, and Binance takes the responsibility for the security and privacy of users on our platform very seriously. As far as users are concerned, the best way to ensure security is to be vigilant and be aware of this threat.

If you're not familiar with social engineering scams, consider this your crash course. You will also find out how we can help you.

Make sure you understand how Binance representatives will contact you

Before we get into the details, as a Binance user, you should always be aware of the legitimate ways we can contact you. Binance will only use official and verified channels to contact its users, including:

  1. Official Binance Domain Emails

  2. Notifications via l’application

  3. Announcements on the official Binance website

  4. Verified social media accounts

  5. Customer service portal on the Binance website.

It is also important to keep in mind that Binance will never ask for personal or sensitive information through direct messages, phone calls, or unofficial communication channels.

To further strengthen your security, you can use Binance Verify. This tool allows you to check if the person contacting you officially represents Binance. Simply enter the website link, email address, phone number, Twitter account, or Telegram ID of the person who contacted you.

If someone claims to be a Binance employee or advisor and you have doubts about their authenticity, contact our customer service team. We will then be able to help you verify the legitimacy of the messages you have received.

What is social engineering and how does it work?

Social engineering is a set of manipulative strategies used by cybercriminals to trick individuals into disclosing sensitive information, granting unauthorized access to personal accounts, or performing other actions for the benefit of the hacker.

Social engineering exploits human psychology and people's general trust. Criminals will pose as colleagues, friends or authority figures and use various techniques to get their victims to comply with their instructions. These include phishing emails, phone calls or direct messages that compromise the security of the targeted individual or their organization.

Let's look at some examples. Imagine you receive a call from your bank asking you to confirm your personal information and credit card details. However, after following these instructions you will notice a number of charges on your card. It was not your bank at all but, in fact, a scammer using social engineering methods.

You might even be added to a group chat on a popular messaging app, where the administrators claim to represent a cryptocurrency exchange. There may also be a supposed investment opportunity advertised in the chat promising high returns, but with an imminent deadline. Other members of the chat may then also agree to participate immediately, creating a feeling of FOMO that may tempt you to send funds to an unknown address.

In truth, cryptocurrency exchanges like Binance do not contact users this way. Binance only communicates through its official and verified channels, and will never solicit via SMS or by adding users to chats.

Your digital footprint and its implications for the security of your personal data

The digital footprint of any Internet user can be a gold mine for scammers using social engineering. A digital footprint refers to the online traces of your activity or identifiable data that remains on the Internet, such as social media posts, browsing history or search queries.

These digital artifacts can compromise the security of your personal data because they reveal sensitive information that can be used to exploit or target you. Your social media post can be used to find out that you are planning a trip to Thailand, for example. A malicious actor could then use this to tailor their social engineering scam to your situation in a way that increases their chances of gaining your trust.

Digital footprints also accumulate over time, creating a comprehensive and often permanent record of your online activity. It is therefore essential to manage and control your digital footprint to mitigate potential privacy and security risks.

Emerging social engineering threats and tactics

In recent years, we have seen an alarming increase in social engineering attacks. The methods used are constantly evolving with technology, making it difficult for users to identify and avoid the latest scams. New digital communication methods provide scammers with more opportunities for deception and exploitation.

Cybercriminals are increasingly using social messaging platforms to find victims and carry out social engineering attempts. A scammer can pose as a friend, colleague, or official by copying information from their accounts and other forms of online presence.

As these social engineering threats become more widespread, users must prioritize their digital security to protect their personal information. To help you stay vigilant, let's take a look at some of the most common tactics in use today.

  1. Phishing: Scammers contact target people via email, SMS or messaging posing as representatives of reputable entities to trick recipients into clicking on malicious links, disclosing sensitive information or downloading software malicious.

  2. False pretense: Scammers follow a communications script to gain victims' trust and obtain personal data, such as posing as a customer service representative from a bank or technology platform needing details at verification purposes.

  3. Lure: Cybercriminals lure victims with promises of free goods or services, tricking them into clicking links or downloading files that compromise their security.

  4. Quid pro quo: Scammers offer a seemingly valuable service or item in exchange for sensitive information or access to the victim's systems.

  5. Spear-phishing: Custom phishing attacks targeting specific people or organizations using detailed and convincing custom scripts to maximize the chance of success.

  6. Watering hole: Scammers compromise a website frequently used by the target group, injecting malicious code that infects visitors' devices.

How does Binance work to prevent social engineering scams?

Protecting our users is a top priority for Binance. As part of these efforts, we are committed to preventing social engineering scams by implementing robust security measures and constantly educating users about common scams.

Binance uses a wide range of security mechanisms, including multi-factor authentication, advanced verification processes, and continuous monitoring of suspicious activity on the platform.

Binance also regularly collaborates with cybersecurity experts and law enforcement to stay informed of new threats. By working together, industry players can develop proactive solutions to combat social engineering attacks.

Nils Andersen-Röed, Deputy Director of Financial Crime Compliance at Binance, said: “We have always believed that effective security is collaborative, and the blockchain industry is no exception. At Binance, we have found that our collaboration with public and industry stakeholders globally complements our own efforts to create a safer and more secure ecosystem for our users. However, it is equally important to ensure that users themselves are involved in their protection process and in the protection of their assets. »

This is why Binance places a strong emphasis on empowering users to take their security seriously. In fact, the most effective solution to social engineering attacks lies in education and prevention.

Through regular communications and guides, we help inform Binance users of the latest scam trends and best practices to avoid them. We also show the community how to identify and report suspicious activity to us. This is the case, for example, with our How to Survive Scams blog series, in which we dissect common cryptocurrency scams for our users.

We also recommend contacting us only through verified social media accounts and official channels for accurate information and updates. This helps reduce the risk of falling victim to scammers posing as Binance representatives.

How to protect your personal data online?

In addition to the security measures applicable to Binance users, there are many things you can do to stay safe.

Be wary of unexpected or unsolicited communications

Social engineering attacks often start with unexpected communications, such as emails, text messages, social media posts, or additions to group chats. Approach any unsolicited communication with skepticism, especially if it asks for personal information or requires immediate action.

Check the authenticity of the sender

To recognize a spoofed identity, look for inconsistencies or unusual elements in the sender's email address or social media profile. Official communications must come from verified accounts or known and legitimate email domains.

Check for grammar and spelling mistakes

Scams often contain grammatical errors, spelling mistakes, or irregular formatting. Pay attention to these details when assessing the credibility of a message.

By hovering over a link without clicking, you can usually see its destination URL. If the URL looks suspicious or unrelated to the supposed sender, it may be a scam.

Beware of pressure tactics

Social engineering attacks often take advantage of a sense of urgency, fear, or emotional triggers to manipulate victims. Be careful if a message demands immediate action, threatens consequences, or suggests something that seems too good to be true.

Check requests for sensitive information

Legitimate entities rarely ask for personal or financial data via email or social media. If you receive such a request, contact the organization directly through its official channels to verify.

Beware of spoofed websites

Scammers often create fake versions of legitimate websites to trick users. Before entering sensitive information, make sure the URL is correct and the site has a secure connection (https://).

How can cybersecurity education and good habits help you stay safe?

Prevention plays a crucial role in combating social engineering scams because these attacks exploit human vulnerabilities rather than technological flaws. Once someone has been victimized, it can be difficult to reverse the damage, including loss of sensitive information, financial loss, or identity theft.

Prevention through education and vigilance is essential. By properly informing yourself about the latest scam techniques and adopting safe online habits, you can protect yourself against cybercriminals. Constant vigilance and questioning the legitimacy of unknown communications also helps build strong defenses against social engineering attacks.

As we mentioned earlier, properly storing and managing your online data is also crucial. You need to maintain good cybersecurity habits to ensure that not everyone can easily access your important information.

Also remember that what may not seem important to you could be very useful to a scammer. Social media is a powerful tool for peeking into your life and gleaning actionable information to gain your trust.

Always be vigilant: Binance can help you with the rest

Binance and its users have a key role to play in the fight against scammers who use social engineering. Users should remain vigilant and aware of the latest scams, taking proactive steps to protect their accounts and personal information.

Binance is also committed to working behind the scenes to identify and counter these malicious actors. We will also continually improve the platform's security measures to provide a secure ecosystem for all users. Working together, Binance and our community of users are building a robust defense system against the most sophisticated social engineering threats.

For more information

  • Managing Risk: The Ins and Outs of Binance Platform Security

  • What is social engineering?