The federal police in Australia have notified over 130 individuals about a new text message scam targeting cryptocurrency users, which imitates the “sender ID” of legitimate exchanges like Binance.
This impersonation scheme involves fraudsters dispatching messages via text and encrypted messaging apps while posing as a Binance representative. They inform users about a supposed breach of their crypto account and urge them to create a new wallet, as indicated by law enforcement in a statement released on March 21.
Upon first inspection, these messages appear authentic since they show up in the same thread as real communications from Binance.
Authorities have reported that at least 130 individuals have been targeted by this scam so far.
According to law enforcement, “the messages allegedly included fake verification codes and were frequently ‘spoofed,’ meaning they appeared within a genuine message thread from the reputable cryptocurrency exchange.”
Additionally, “a support phone number was provided, but when victims called, they were directed to secure their accounts by transferring their cryptocurrency to a ‘trust wallet’ controlled by the scammer, ultimately resulting in asset theft.”
Online messaging services allow for messages to be sent from a Sender ID, such as a business name, instead of a phone number, which can be exploited to falsify text messages, as noted in a 2019 report.
Once a device receives these fraudulent messages, it organizes them based on the Sender ID, placing them in the same thread as other messages from that ID.
The authorities conducted an extensive email and text alert campaign to notify the 130 individuals they identified as potentially vulnerable to this scam.
Commander Graeme Marshall of Cybercrime Operations stated that once funds are moved to the scammer’s wallet, they are swiftly transferred through a network, making recovery or seizure quite challenging.
This type of attack resembles recent reports from users who shared experiences of fraudulent emails mimicking trusted platforms, such as attempts to deceive individuals into setting up new wallets using deceptive recovery phrases that scammers controlled.
The police highlighted several warning signs for this kind of scam, including unexpected contact from someone claiming to represent Binance regarding a security breach, urgency to take immediate action, and requests for a seed phrase.
According to Binance’s Chief Security Officer, scammers frequently impersonate credible platforms and exploit vulnerabilities in telecommunications to alter sender names and phone numbers. He emphasized the importance of verifying through official channels if there are any doubts.
Image Source:
In December, the Australian government announced plans to implement an SMS Sender ID Register, alongside enforceable industry standards, to combat similar scams that have previously affected notable companies like Qantas and Apple.
Under this new standard, telecommunications companies will be required to verify that messages sent under a brand name correspond with a legitimate registered sender and to provide their legitimate Sender IDs for inclusion in the register.
This register is anticipated to be launched in late 2025, with a pilot program acting as a temporary measure in the meantime, according to the country’s communications minister.
Last August, authorities revealed that Australians had lost a total of 382 million Australian dollars ($269 million) to investment scams in the previous year, with nearly half of these related to cryptocurrency.
Related Insight:Analysis of the Lazarus Group’s exploits in crypto hacks