Phishing is a type of social engineering attack; a fraudulent attempt to obtain sensitive information such as username, password, 2FA code, etc by disguising as Binance in electronic communication.
1. Phishing Email Example 1
This email below was created by hackers to steal the user’s email account, password and 2FA backup key
- Phished email was sent from a scam Binance <email@example.com> address
- If you hover over the Verify Email button, you can see the phished link which in this case was
https://firstname.lastname@example.org. After clicking the button one can see this page:
- Unfortunately, some victims will fill in their Binance email account and password data on the scam ‘www--binance.com’ website. After clicking the Log In button, the hacker will have prepared a special dialog window as seen below:
- It is really unfortunate that some victims will decide to disclose their ‘2FA backup keys’ without hesitation. At this point, the hacker will have successfully collected the victim’s username/password/2FA - thus gained full access to the victim’s accounts.
2. Phishing Email Example 2
- The phishing email below persuaded users to download a fake PDF file which was actually malware/virus/Trojan software.
3. Phishing Email Example 3
The phishing email below instructed users to click a malicious link in order to receive a nonexistent 0.129 BTC.
When you notice such a message, it’s always best to hover over the link to see where it points.
4. Phishing Email case 4
- The phishing email below instructed users to click a malicious link in order to participate in a competition called ETH Giveaway. Once again, the email was sent from an email address that was not an official Binance email.