Binance: Phone scammers act on our behalf - and we are powerless
Victims were informed by unknown persons that the offer would expire on the same day and were advised to urgently pick up their winnings by clicking on a link in the SMS message. After clicking on the malicious link, the context menu prompted the victim to log into their Binance account and provide the necessary passwords.
Binance admitted that the scheme is a typical attempt at a spoofing attack via SMS, when the attacker replaces the sender of the message in such a way that the message on the recipient’s phone appears as if it came from a trusted source. The goal is to trick the victim into following instructions, stealing sensitive data.
The company is powerless in the fight against such fraud because the GSM communication system technology in which SMS messages operate allows the sender to randomly fill out the “sender name” field, Binance said. Mobile operators do not check whether the sender of the SMS has the legal right to use a particular name.