Tommy received a text message that appeared to be from Binance, warning him that the tax document had expired and that he needed to complete verification on the website link provided. Worried, he clicked on the link provided, which took him to a website that looked like the official Binance site.
Shortly after Tommy filled out all the information, he received a call from someone claiming to be a Binance representative. The person instructed him to scan a QR code and perform a facial verification. Trusting the process, Tommy followed the steps, unaware that he was being scammed.
After verification, Tommy was again instructed by the call to access the Binance app and complete the facial verification once again. Before long, Tommy received the notification from the Binance app, 6 ETH had been withdrawn from his wallet. He realized that this was a phishing attack, but Tommy was already suffering financial losses.
In the story, we saw that the scammer created urgency for Tommy, which made him nervous. Shortly after, the scammer was able to easily take advantage of Tommy's identity to pass verification and withdraw Tommy's funds. It is critical to understand that any type of verification (i.e. email verification, face verification) are security measures that Binance takes to protect user accounts. Therefore, we should never provide this information or perform these actions without first verifying the request.
Tommy should have directly contacted Binance customer support to confirm the request, rather than easily revealing sensitive information. He should have used the official Binance Verify Tool to confirm the authenticity of the process before proceeding.
Safeguarding your digital assets requires vigilance. Never share information or perform verification steps unless you have confirmed the request.