Managing Risk: Binance's Fight Against Social Engineering

The main point

• Social engineering is a type of manipulative strategy used by cybercriminals by exploiting human psychology often using phishing emails, phone calls, and direct messages to extract money from their victims.

• Digital footprints can reveal sensitive information that is used by criminals to target individuals using social engineering techniques so you must manage and control personal information to mitigate potential risks.

• Binance and its users play an important role in eradicating social engineering fraud. Users must educate themselves about potential threats and remain vigilant, while Binance's role in this fight is to continually improve security measures and work with law enforcement to tackle fraud at its roots.

• If you receive a random direct message from someone claiming to be from Binance, it is almost certainly a scam. Never share your BUID or personal information with anyone else. Only use the official support chat link via the Binance app or website.

Here's how you can participate in the fight against social engineering fraud, keep yourself safe, and help the Binance community.

With the rise of social engineering fraud in the crypto world, we all need to examine our roles. Countering these threats is an important part of managing risk. Binance is truly responsible for the security and privacy of users on our platform. From the user's side, awareness and vigilance are the best ways to stay safe.

If you're not familiar with social engineering scams, consider this your crash course. You'll also find out exactly how we can help.

Make Sure You Understand How Binance Representatives Will Contact You

Before diving into the details, you as a Binance user should always be aware of the legal methods we use to contact you. Binance will only use verified official channels to contact users. Some of these include:

1. Official email from Binance domain

2. In-app notifications

3. Announcement on the official Binance website

4. Verified social media accounts

5. Customer service portal on the Binance website.

You should also remember that Binance will never ask for personal or other sensitive information via direct messages, phone calls, or other unauthorized communication channels.

To further increase security, you can use Binance Verify. With this tool, you can check whether the person contacting you officially represents Binance. Just enter the website link, email address, phone number, Twitter account or Telegram ID of the person who has contacted you.

If someone claims to be a Binance employee or Binance advisor and you have doubts about their authenticity, please contact our customer support team. Then, we will be able to help you verify the legitimacy of any messages you have received.

What is Social Engineering and How Does It Work?

Social engineering is a set of manipulative strategies used by cybercriminals to trick individuals into disclosing sensitive information, providing unauthorized access to personal accounts, or performing other actions that benefit the attacker.

Social engineering exploits human psychology and people's beliefs in general. Attackers will pretend to be colleagues, friends, or authorities and use a variety of techniques to get victims to obey them. Actions include phishing emails, phone calls, or direct messages that compromise the security of targets or their organizations.

Let's look at some examples. Imagine you get a call from your bank asking you to confirm your personal information and credit card details. However, you notice a number of charges on the card after doing so. Actually, the person contacting you is not your bank, but rather a fraudster who uses social engineering methods.

You can even be added to a group chat on a popular messaging app run by an administrator who claims to represent a crypto exchange. There may also be investment opportunities advertised in chat that promise high returns with urgent deadlines. Other members in the group chat may then also agree to participate immediately, creating a sense of FOMO that may encourage you to send funds to an unknown address.

In reality, crypto exchanges like Binance do not contact users in this way. Binance only communicates through its official and verified channels, and will never make such solicitations via SMS or add users to group chats.

Your Digital Footprint and Its Implications for the Security of Your Personal Data

Internet users' digital footprints can be a gold mine for social engineering fraudsters. A digital footprint is a trace of your online activity or identifiable data left on the internet, such as social media posts, browsing history, or search queries.

These digital artifacts can compromise the security of your personal data by revealing sensitive information that could be used to exploit or target you. For example, your social media posts can be used to find out that you are planning a trip to Thailand. Then, this information can be used by criminals to plan their social engineering scams based on your circumstances in a way that increases the chances of them gaining your trust.

Digital footprints also accumulate over time, creating extensive and often permanent records of your online activities. Therefore, you must manage and control your digital footprint to mitigate potential privacy and security risks.

Emerging Social Engineering Threats and Tactics

In recent years, there has been an alarming increase in social engineering attacks. The methods used continue to evolve along with technology, making it difficult for users to identify and avoid the latest schemes. New methods of digital communication provide more avenues for attackers to deceive and exploit.

Cybercriminals are increasingly using social messaging platforms to find victims and execute social engineering efforts. Attackers can impersonate friends, colleagues, or officials by copying information from their accounts and other forms of online presence.

Given that social engineering threats are increasingly prevalent, users must prioritize their digital security to protect their personal information. To help you stay alert, let's take a look at some of the most common tactics used these days.

1. Phishing: Fraudsters contact targets via email, SMS, or messenger by posing as representatives of reputable entities to trick recipients into clicking on malicious links, disclosing sensitive information, or downloading malware.

2. Pretexting: Attackers follow communication scripts to gain a victim's trust and obtain personal data, such as impersonating a bank representative or support technology platform that requires verification details.

3. Baiting: Cybercriminals lure victims with the promise of free goods or services to get them to click on links or download files that compromise their security.

4. Quid pro quo: A fraudster offers services or goods that appear to be of value in exchange for sensitive information or access to the victim's systems.

5. Spear-phishing: Specific phishing attacks that target specific individuals or organizations using detailed and convincing scripts to maximize the chances of success.

6. Watering hole: Attackers break into websites frequently used by a target group by injecting malicious code that damages visitors' devices.

Binance Efforts to Prevent Social Engineering Fraud

Protecting our users is the number one priority for Binance. As part of this work, we make every effort to prevent social engineering fraud by putting in place a number of robust security measures and continuing to increase awareness of the use of widespread schemes.

Binance uses a variety of security mechanisms, including multi-factor authentication, advanced verification processes, and continuous monitoring of suspicious activity on the platform.

Binance also regularly collaborates with cybersecurity experts and law enforcement agencies to stay abreast of new threats. By working together, players in the industry can develop proactive solutions to combat social engineering attacks.

Nils Andersen-Röed, Deputy Head of Financial Crimes Compliance at Binance, said: “We have always held the belief that effective security is collaborative, and the blockchain field is no exception. At Binance, we recognize that collaborative work with both public sector and industry players globally has helped us in our efforts to build a more secure and secure ecosystem for our users. However, what is equally important is ensuring that users themselves are involved in the process of keeping themselves and their assets protected.”

That's why Binance places great emphasis on the importance of users prioritizing their own security and safety. In fact, the most effective solution to social engineering attacks is education and prevention.

With regular communication and guidance, we help inform Binance users about the latest fraud trends and best prevention practices. We also show the community how to identify and report suspicious activity to us. An example of this is our Know Your Scam blog series which explains common crypto scams for the benefit of our users.

We also only recommend contacting us via verified social media accounts and official channels for accurate information and updates. This helps reduce the risk of becoming a victim of fraud by people posing as Binance representatives.

Ways You Can Protect Your Personal Data Online

In addition to Binance's numerous user security measures, there are many things you can do yourself to stay safe.

Be wary of unexpected or unsolicited communications

Social engineering attacks often start with unexpected communications, such as emails, text messages, social media messages, or being added to chat groups. Respond to any unsolicited communications skeptically, especially if they request personal information or demand immediate action.

Verify sender authenticity

To recognize impersonation, check the sender's email address or social media profile for inconsistencies or unusual elements. Authoritative communications should come from verified accounts or known and legitimate email domains.

Watch for poor grammar and spelling

Scams often contain grammatical errors, spelling errors, or unusual formatting. Pay attention to all these details when evaluating the credibility of a message.

Hover over the link before clicking

By hovering over a link without clicking, you can usually see its destination URL. If the URL looks suspicious or isn't associated with the supposed sender, it's probably a scam.

Beware of pressure tactics

Social engineering attacks often exploit a sense of urgency, fear, or emotional triggering to manipulate victims. Be wary if the message asks for immediate action, threatens consequences, or offers something that seems too good to be true.

Double check requests for sensitive information

Legitimate entities rarely ask for personal or financial data via email or social media. If you receive such a request, contact the organization in question directly through their official channels to verify.

Be careful of fake websites

Fraudsters often create fake versions of legitimate websites to trick users. Before entering any sensitive information, ensure that the URL is correct and that the site has a secure connection (https://).

How Cyber ​​Education & Hygiene Can Help You Stay Safe

Prevention plays an important role in combating social engineering fraud because these attacks exploit human vulnerabilities rather than technological weaknesses. Once someone is victimized, it may be difficult to recover losses that may include loss of sensitive information, financial loss, or identity theft.

Prevention through education and awareness is important. By understanding the latest fraud techniques and adopting safe online habits, you can protect yourself from cybercriminals. Remaining consistently vigilant and questioning the legitimacy of unknown communications also helps build a strong defense against social engineering attacks.

As we mentioned earlier, properly storing and managing your online data is equally important. You must maintain good cyber hygiene so that not just anyone can easily access your important information.

Additionally, remember that things that may seem insignificant to you can be very useful to scammers. Social media is a powerful tool for peering into your life and gathering information that can be used to build your trust.

Always Stay Alert – Binance Can Help Other Parts

Binance and its users play an important role in fighting social engineering fraudsters. Users need to stay alert and aware of the latest scams by taking proactive steps to protect their accounts and personal information.

Meanwhile, Binance is committed to working behind the scenes to identify and combat the perpetrators of these crimes. We will also continue to improve the platform's security measures to provide a safe ecosystem for all users. By working together, Binance and our user community form a formidable defense system against the most sophisticated social engineering threats.

Further Reading

• Managing Risk: An In-Depth Look at Binance Platform Security

• What is Social Engineering?

• Managing Risk: Catching Crypto Crimes with the Binance Investigation Team