P2P Safety: How to Recognize and Avoid QR Code-Assisted Account Takeover Scams
Main Takeaways
In an increasingly widespread variation of account takeover scams, criminals trick peer-to-peer (P2P) crypto sellers into scanning a Binance login QR code by presenting it as an order QR code. This way, they gain complete access to the victims' accounts.
Avoid scanning Binance login QR codes provided by others, never authorize logins from such QR codes, and keep all P2P transaction-related communications within the Binance platform.
If you suspect that your account has been compromised, immediately disable your account and secure your devices to prevent further unauthorized access. Then, contact Binance support and file a report, providing all the related communication and transaction records you've documented.
Here at Binance, user safety is the top priority for us, and one of the best ways to ensure it is promoting security education. Staying informed about evolving scam tactics is crucial, as users are the first line of defense against illicit activity. By recognizing the latest schemes, you can protect both your funds and the broader crypto community. Recently, a particularly deceptive variety of account takeover scams has emerged, targeting peer-to-peer (P2P) crypto traders. Criminals trick unsuspecting users into granting them full access to their Binance accounts by presenting login QR codes as P2P transaction order codes. In this article, weâll explain how this scam works, as well as how to detect and avoid it.
Understanding The QR Code Account Takeover Scam
The scam takes advantage of Binanceâs QR login feature, which lets users scan a code with their already-logged-in phone to easily access their account on another device. Hereâs how a typical scam flow works.
1. Initiation: Scammers commonly use two methods. In the first, the scammer (posing as a crypto buyer) responds to an ad on a P2P marketplace, expressing interest in purchasing cryptocurrency from the victim. Alternatively, the scammer may offer to sell crypto to the victim (buyer) at an enticing price.
2. Usage of third-party platforms: The scammer convinces the victim to communicate on a third-party platform like Telegram or WhatsApp.
3. Sending a QR Code: Instead of sending an order QR code, the scammer sends a Binance login QR code, making the counterparty believe that scanning it is necessary to proceed with the transaction.
4. Full Account Access: When the victim scans the login QR code and authorizes the login, the scammer is logged into the victimâs account, immediately gaining control of the victimâs funds. This allows the scammer to transfer all assets out of the victimâs account into their own.Â
Real-Life Example
Masquerading as a buyer, the scammer responds to a P2P marketplace ad, pretending to want to purchase cryptocurrency. They then claim they will send a QR code which upon scanning will complete the transaction.
Key Takeaway: Never conduct deals through messaging apps outside of Binance.
How to Avoid Becoming a Victim
1. Do Not Scan QR Codes from Counterparties: If a QR code has a Binance logo in the middle (such as the one shown below), itâs most likely a login code. Avoid scanning such codes provided to you by any third party, especially outside of Binance. When scanned by you, it could give anyone access to your account.
Â
2. Do Not Authorize Login After Scanning a QR Code: If youâve mistakenly scanned a QR code sent to you from an external source, do not proceed with login authorization. This is the key step scammers rely on to gain control of your account.
Â
3. Keep Conversations on Binance: Always conduct P2P transaction communications within the Binance platform. To reduce the risk of being scammed, avoid sharing your contact information with trading counterparties.
If You Suspect Your Account Has Been CompromisedÂ
If you suspect your account is in danger and still have access to it, stay calm and take the following steps:
1. Disable Your Account: Immediately disable your account by following these steps to prevent further unauthorized access.Â
2. Secure Your Devices: Ensure that your devices are secure, as your account can be re-compromised if malware is involved. Only reactivate your account if youâre sure that itâs secure. Â
If Youâve Been Scammed
1. Contact Support: Immediately reach out to Binance customer support to report the issue and seek assistance in recovering your account.
2. Document Everything: Keep a detailed record of all communications and transactions related to the scam. These records are vital for your case.
3. Report the Incident: File a report by following the steps in this guide: How to Report Scams on Binance Support. Timely reporting increases the chances of recovery.
Final Thoughts
While Binance continuously enhances its security systems, a vigilant community remains the best defense against these evolving threats. By staying up to date with constantly emerging and evolving tactics like QR code-assisted account takeovers, conducting all P2P communications within the Binance app, and avoiding external messaging platforms, you can significantly reduce your risk of falling victim to scams. Together, with Binanceâs security infrastructure and your proactive steps, we can foster a safer and more resilient crypto community.