P2P Safety: How to Recognize and Avoid QR Code-Assisted Account Takeover Scams

2024-11-08

Main Takeaways

  • In an increasingly widespread variation of account takeover scams, criminals trick peer-to-peer (P2P) crypto sellers into scanning a Binance login QR code by presenting it as an order QR code. This way, they gain complete access to the victims' accounts.

  • Avoid scanning Binance login QR codes provided by others, never authorize logins from such QR codes, and keep all P2P transaction-related communications within the Binance platform.

  • If you suspect that your account has been compromised, immediately disable your account and secure your devices to prevent further unauthorized access. Then, contact Binance support and file a report, providing all the related communication and transaction records you've documented.

Here at Binance, user safety is the top priority for us, and one of the best ways to ensure it is promoting security education. Staying informed about evolving scam tactics is crucial, as users are the first line of defense against illicit activity. By recognizing the latest schemes, you can protect both your funds and the broader crypto community.

Recently, a particularly deceptive variety of account takeover scams has emerged, targeting peer-to-peer (P2P) crypto traders. Criminals trick unsuspecting users into granting them full access to their Binance accounts by presenting login QR codes as P2P transaction order codes. In this article, we’ll explain how this scam works, as well as how to detect and avoid it.

Understanding The QR Code Account Takeover Scam

The scam takes advantage of Binance’s QR login feature, which lets users scan a code with their already-logged-in phone to easily access their account on another device. Here’s how a typical scam flow works.

1. Initiation: Scammers commonly use two methods. In the first, the scammer (posing as a crypto buyer) responds to an ad on a P2P marketplace, expressing interest in purchasing cryptocurrency from the victim. Alternatively, the scammer may offer to sell crypto to the victim (buyer) at an enticing price.

2. Usage of third-party platforms: The scammer convinces the victim to communicate on a third-party platform like Telegram or WhatsApp.

3. Sending a QR Code: Instead of sending an order QR code, the scammer sends a Binance login QR code, making the counterparty believe that scanning it is necessary to proceed with the transaction.

4. Full Account Access: When the victim scans the login QR code and authorizes the login, the scammer is logged into the victim’s account, immediately gaining control of the victim’s funds. This allows the scammer to transfer all assets out of the victim’s account into their own. 

Real-Life Example

Masquerading as a buyer, the scammer responds to a P2P marketplace ad, pretending to want to purchase cryptocurrency. They then claim they will send a QR code that, once scanned, will complete the transaction.

The scammer then asks the seller to continue the conversation on a messaging app outside of Binance. Next, the scammer sends a Binance login QR code instead of the order QR code. Once the victim scans and authorizes it, the scammer gains full access to their Binance account.

Key Takeaway: Never conduct deals through messaging apps outside of Binance.

How to Avoid Becoming a Victim

1. Do Not Scan QR Codes from Counterparties: If a QR code has a Binance logo in the middle (such as the one shown below), it’s most likely a login code. Avoid scanning such codes provided to you by any third party, especially outside of Binance. When scanned by you, it could give anyone access to your account.

 

2. Do Not Authorize Login After Scanning a QR Code: If you’ve mistakenly scanned a QR code sent to you from an external source, do not proceed with login authorization. This is the key step scammers rely on to gain control of your account.

 

3. Keep Conversations on Binance: Always conduct P2P transaction communications within the Binance platform. To reduce the risk of being scammed, avoid sharing your contact information with trading counterparties.

If You Suspect Your Account Has Been Compromised 

If you suspect your account is in danger and still have access to it, stay calm and take the following steps:

1. Disable Your Account: Immediately disable your account by following these steps to prevent further unauthorized access. 

2. Secure Your Devices: Ensure that your devices are secure, as your account can be re-compromised if malware is involved. Only reactivate your account if you’re sure that it’s secure.  

If You’ve Been Scammed

1. Contact Support: Immediately reach out to Binance customer support to report the issue and seek assistance in recovering your account.

2. Document Everything: Keep a detailed record of all communications and transactions related to the scam. These records are vital for your case.

3. Report the Incident: File a report by following the steps in this guide: How to Report Scams on Binance Support. Timely reporting increases the chances of recovery.

Final Thoughts

While Binance continuously enhances its security systems, a vigilant community remains the best defense against these evolving threats. By staying up to date with constantly emerging and evolving tactics like QR code-assisted account takeovers, conducting all P2P communications within the Binance app, and avoiding external messaging platforms, you can significantly reduce your risk of falling victim to scams. Together, with Binance’s security infrastructure and your proactive steps, we can foster a safer and more resilient crypto community.
