Phishing is a type of social engineering attack; a fraudulent attempt to obtain sensitive information such as username, password, 2FA code, etc by disguising as Binance in electronic communication.
1. Phishing Site Example 1
This phishing site was created in order to steal users credentials such as account email address password, and 2FA code.
- In this example, victims on Facebook would click into a manipulated link leading to Binance, only to find that the link points to https://www.binance-co.com/, a phishing site.
- Unfortunately, the victim decided to log in using your username/password and clicked the login button. This results in the hacker successfully stealing the user's account name and password.
In the next page, the phishing site asks the user to fill his Google 2FA backup key. Binance will never ask you (in any case) to input your Google 2FA 16 backup key at all.
Users who fill in the form on this phishing site will be compromising their 2FA.
- In this case, hackers have gained full access to the user’s accounts with data that has been shared by unaware users.
2. Phishing Site Example 2
- The phishing site below attempted to trick users into installing a Trojan/virus software.
3. Phishing Site Example 3
- The phishing site below attempted to trick users into moving their assets to a “secured wallet” as soon as possible. Binance will never ask any users to do this.