Phishing is a type of social engineering attack. Fraudulent actors attempt to obtain sensitive information such as usernames, passwords, and two-factor authentication (2FA) codes by disguising themselves as Binance employees in electronic communication. Phishing emails are one of the most common methods scammers use.
1. To quickly identify whether or not the email is from Binance, you can look up the sender's email address in Binance Verify.
2. If the source is not verified, please assume the email was not sent by Binance and avoid clicking any links in the email.
Even if the source address is verified, it could still be a spoofed email. Email spoofing uses various techniques to forge the sender's address. The attacker impersonates someone you trust and tries to trick you into clicking malicious links or downloading malware in order to take over your online accounts or steal funds.
To better protect yourself from spoofed emails, you can set up an anti-phishing code on Binance, then always check that the email contains an anti-phishing code and that it matches the one you have set up.
3. If the email does not contain an anti-phishing code, please check if the domain in the email belongs to an official Binance source. If you find the email suspicious, or you are still unsure whether it was sent by Binance, please contact Binance Support to verify.
Here are some examples of phishing emails.
1. Phishing Email Example 1
The email below was created by an attacker in an attempt to gain access to the user’s email account, password, and 2FA backup key.
Although the email sender's display name is Binance, please pay attention to the actual sender's email address. The phishing email was sent from <do-not-reply19@www--binance.com>, which uses a lookalike domain, a common tactic attackers use to impersonate Binance.
If you hover over the “Verify Email” button, you can see the fraudulent link / URL, which, in this case, was https://www--binance.com/binance/login.php?id=xxxx@axxxxl.xxm. After clicking the button, you would then see this fake Binance page:
Unfortunately, some users do fall victim to such ruses and fill in their Binance email account and password data on the scam website (www--binance.com). After clicking the “Log In” button, users will see a special dialog window, as seen below:
Unfortunately, some victims disclose their 2FA backup keys without hesitation. When this happens, the hacker has successfully collected the victim’s username/password/2FA, thus gaining full access to the victim’s accounts.
2. Phishing Email Example 2
The phishing email below persuaded users to download a fake PDF file, which was actually malware/virus/Trojan software. Please pay attention to the overall email structure and its poor layout:
3. Phishing Email Example 3
The phishing email below instructed users to click a malicious link in order to receive a nonexistent 0.129 BTC.
When you notice such a message, it’s always best to hover over the link to see where it leads.
4. Phishing Email Example 4
The phishing email below instructed users to click a malicious link in order to participate in a competition called “ETH Giveaway”. Once again, the email was sent from an email address that was not an official Binance email.
5. Phishing Email Example 5
This is a phishing email that pretends to be from listing@binance.com. However, it was not sent from our email server, even though the domain in the sender address is legitimate.
The phishing email below persuaded users to contact a fake Binance staff member on Telegram. The scammer then asked users to deposit crypto into the scammer's blockchain addresses.
All emails can be spoofed. Please be wary even if an email appears to be sent from an official Binance mailer address, and always be on the lookout for emails that sound too good to be true (such as token listings, giveaways, etc.).
If you think you received suspicious emails that impersonate Binance, please get in contact with Binance Support for further investigation.
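The sender checks from Examples 1 and 5, written out as an added example (not Binance's own code or tooling): it rejects lookalike domains such as www--binance.com, and treats an official-looking From address as unverified unless the receiving mail server recorded a DMARC pass for it. The allowlist, the mail server name mx.example.net, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OFFICIAL_DOMAINS = {"binance.com"}   # assumption: illustrative allowlist only
TRUSTED_AUTHSERV = "mx.example.net"  # assumption: your own receiving mail server

def sender_domain(msg):
    """Domain of the actual From address, ignoring the display name."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".")

def is_official(domain):
    """Exact match or true subdomain; 'www--binance.com' is neither."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)

def dmarc_passed(msg, domain):
    """Accept only a DMARC pass recorded by our own server for this From domain."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # header written by another host, possibly the sender
        props = dict(re.findall(r"([\w.-]+)=([^\s;]+)", results.lower()))
        if props.get("dmarc") == "pass" and props.get("header.from") == domain:
            return True
    return False

def classify(raw):
    """Return a verdict string for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    domain = sender_domain(msg)
    if not is_official(domain):
        return "unofficial-or-lookalike-domain"
    if not dmarc_passed(msg, domain):
        return "official-domain-not-authenticated"
    return "sender-domain-authenticated"

# Constructed sample messages, not real captured mail.
LOOKALIKE = "From: Binance <do-not-reply19@www--binance.com>\nSubject: Verify\n\nbody"
SPOOFED = ("From: Binance <listing@binance.com>\nAuthentication-Results: "
           "mx.example.net; spf=fail; dmarc=fail header.from=binance.com\n\nbody")
FORGED_AR = ("From: Binance <listing@binance.com>\nAuthentication-Results: "
             "relay.invalid; dmarc=pass header.from=binance.com\n\nbody")
GENUINE = ("From: Binance <listing@binance.com>\nAuthentication-Results: "
           "mx.example.net; dkim=pass header.d=binance.com; dmarc=pass header.from=binance.com\n\nbody")

if __name__ == "__main__":
    for name in ("LOOKALIKE", "SPOOFED", "FORGED_AR", "GENUINE"):
        print(name, "->", classify(globals()[name]))
```

A "sender-domain-authenticated" verdict only means the From domain passed DMARC at your mail server; the anti-phishing code check described above still applies.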