The rising popularity of cryptocurrencies has given scammers a chance to make quick bucks by tricking the cryptocurrency novices. Reddit users have discovered some fake Binance links on Google that are designed to look like the real Binance website. Notably, Binance might not be the only cryptocurrency exchange desk targeted by scammers. You have to be careful if you are a newbie in the cryptocurrency business.
They are not stealing your credentials but…
TheNextWeb reports that these fraudulent pages aren’t designed to steal your login credentials, but you can’t rule out the possibility of accidentally landing on a fake page that tries to steal your credentials. The fake Binance links that Reddit users spotted were merely forwarding visitors to the official Binance website. But they take you to the official Binance platform through an affiliate URL.
Websites that use affiliate links tend to make money from business referrals. For instance, the fake Binance links could be the affiliates of Binance, and they will receive 20% of the trading fees of any signees they bring to the Binance exchange desk. Binance’s affiliate terms read, “The commission you receive from the referral program will initially be set at a rate of 20 percent. This will then be adjusted after a certain period of time based on the situation.”
Binance says further that the “fee commission will be sent instantly in real-time” to the Binance account of the affiliate partners. It means those fake Binance links get paid a referral fee as soon as you complete each trade. The exchange desk pays them in the same token/cryptocurrency that you used to pay the fee.
How not to fall victim to fake Binance links
Many Reddit users have urged their fellow members who landed on fraudulent pages to report the fake Binance links for phishing. According to TheNextWeb, Google has now removed them from search. But more fraudulent links could appear in the future. The illegitimate pages use a technique called Punycode to “represent Unicode within the limited character subset of ASCII.” It allows them to display even the malicious domains as legitimates ones. It could easily confuse the new cryptocurrency traders.
Reddit user Logan991 says the best thing you can do is to bookmark the login pages of all the cryptocurrency exchanges you trade in and go to those exchanges only from the bookmarks. There are a few ways to tell the genuine websites apart from the fake ones. One is to check the SSL certificates in the upper-left corner in the web browser. Unfortunately, the hackers still have a few tricks up their sleeves to make it nearly impossible to spot the fakes.
TheNextWeb also found that the fake Binance links don’t usually update the exchange rates in real-time. The official Binance site shows you the real-time exchange rates. Binance is one of the world’s largest cryptocurrency exchange desks. Its large user base makes it a lucrative target for attackers. The fake Binance links appeared just weeks after hackers stole $64 million from NiceHash, a cryptocurrency mining market.
Scammers also targeting other cryptocurrency platforms
Binance is far from the only cryptocurrency platform targeted by scammers. A few months ago, Bitfinex warned its users that scammers had created a “phishing website” that “closely resembles bitfinex.com.” The hackers used the domain name “bitfienex-com.”
Be aware: a phishing website is online that closely resembles https://t.co/VJg06pe7uT The attackers are using domain bitfienex-com
— Bitfinex (@bitfinex) September 19, 2017
Last month, a fake Ethereum wallet app had climbed to the top of the iOS App Store, sitting on the third spot in the finance category. The fake MyEtherWallet.com app would cost users $4.99, and was supposedly allowing people to manage their Ethereum wallets and store wallet keys. Interestingly, the app had successfully got past Apple’s app review process and was in the App Store for more than a week.
This is NOT US. We have file reports and emailed and reported. Would appreciate the communities assistance in getting these scamtards out of our lives.
PS: We are #Foss4Lyfe https://t.co/SmI8cqNvxA
— MyEtherWallet | MEW (@myetherwallet) December 10, 2017
MyEtherWallet.com had to warn users that the app was fake because it didn’t have an official iOS app. Apple removed the fake app after MyEtherWallet.com pointed it out, but not before it had been downloaded by more than 3,000 people.
