Binance Users Targeted in SMS Scam, Exchange Warns Against Spoofing Attacks
Last week, users of Binance fell victim to scammers who sent fake SMS messages claiming they had won prizes in the Binance Mystery Box lottery, with rewards valued at around 100 euros in cryptocurrency. The victims were informed that the offer expired the same day and were urgently advised to claim their winnings by clicking on a link in the SMS. Upon clicking the malicious link, victims were prompted to log in to their Binance accounts and provide the necessary passwords. Binance acknowledged that this scheme represents a typical attempt at a spoofing attack through SMS, where attackers manipulate the message sender to appear as if it is coming from a trusted source. The goal is to deceive victims into following instructions, ultimately leading to the theft of confidential data. Binance stated its inability to combat such fraud since the technologies of the GSM communication system, under which SMS messages operate, allow the sender to arbitrarily fill in the "sender name" field. Mobile operators do not verify whether the sender sending the SMS has the legitimate right to use a specific name. "To close this security loophole in SMS, the whole world would have to modify GSM technology, which seems unrealistic to us," concluded Binance. Earlier, the National Agency of Project Management in Uzbekistan (NAPM) announced that the world's largest cryptocurrency exchange, Binance, would be required to pay a fine for operating in the country without a license. Read the full article