In Ukraine, there has been a sharp increase in cases of fraudulent SMS attacks using message spoofing, which has become one of the most pressing threats to users of cryptocurrency services. Representatives of Binance reported that the support service is receiving an increasing number of inquiries regarding similar incidents, where fake SMS messages are disguised as official communications from banks or exchanges.
This is reported by Business • Media
“Despite the emergence of hundreds of modern authentication apps, SMS remains the primary method for transaction confirmation for millions of users. Fraudsters have learned to embed fake SMS messages into the same chats where you receive official notifications from banks or exchanges. The same number. The same message thread. Completely different intentions,” Binance noted.
SMS Spoofing: How This Scheme Works
SMS spoofing involves fraudsters sending messages that appear to be sent from the official number of a bank, exchange, or other service. A smartphone cannot distinguish a genuine SMS from a fake one, so all messages are collected in one thread. This creates an illusion of authenticity, and users can easily become victims of deception.
Malefactors use several methods to implement this scheme:
- Weak SMS Gateways. Some providers allow the sender ID to be changed, opening the door for spoofing.
- VoIP Services. Internet telephony allows any sender name to be specified, which also facilitates fraud.
- Gray Channels. Some mass mailing providers collaborate with fraudsters, helping them integrate fake messages into “trusted” communication channels.
Binance provides a real example: a user received an SMS about “suspicious logins from different cities.” The message appeared in the same thread as genuine messages from the exchange, causing the user, in a state of stress, to call the number provided. Subsequently, the fraudsters initiated a real password recovery request at Binance and suggested transferring funds to another wallet, the seed phrase for which they provided themselves. If the user had succumbed to the pressure, their money would have been lost.
How to Recognize and Avoid SMS Fraud
Fraud schemes are based on psychological pressure—they create panic and a sense of urgency, forcing users to act thoughtlessly. Binance emphasizes the so-called “red flags” to consider:
- Urgent calls to action: “call right now” or “immediately confirm your details”;
- SMS with suspicious links that do not lead to the official website;
- Absence of your unique security marker (code or user ID) in the message.
To protect yourself, follow these recommendations:
- Perform all actions only in the app or on the official website. Do not use numbers or links from suspicious SMS messages.
- Check for the Anti-Phishing Code or User ID in every official message.
- Don’t rush: always take a moment to verify information through official channels.
- Increase your awareness of cybersecurity issues and regularly familiarize yourself with new fraud schemes.
“Technology cannot protect against everything. Even the best technical filters will not stop fraudsters if the user willingly gives them access. Therefore, knowledge and caution become the main shield. In the world of Web3, every minute counts: it only takes one fake SMS to lose everything. Do not let fraudsters exploit trust. Set your own security rules and stick to them,” Binance concluded.