Australian federal police have alerted over 130 people of a new text message scam aimed at crypto users that copies the same “sender ID” as legitimate crypto exchanges such as Binance.
The impersonation scam involves the fraudsters sending out messages through text and encrypted messaging platforms by impersonating a Binance representative, telling users of a crypto account breach and instructing them to set up a new wallet, the Australian Federal Police (AFP) said in a March 21 statement.
The text messages look real at first glance because they appear in the same legitimate text message thread as Binance communications.
Australia’s federal police say they have found at least 130 people who have been targeted by this scam so far. Source: Australian federal police
“The messages allegedly contained fake verification codes and were often ‘spoofed,’ meaning they appeared in a legitimate existing message thread from the well-known cryptocurrency exchange,” the AFP said.
“A support phone number was also sent, but when the targets called it, they were instructed to protect their accounts by transferring their cryptocurrency to a ‘trust wallet,’ which was controlled by the scammer and allowed the assets to be stolen.”
Online text messaging services allow messages to be sent from a Sender ID, such as a company name, rather than a phone number and can be exploited to spoof text messages, according to a March 1, 2019 report by the Australian Broadcasting Corporation.
Once a phone receives the sham communication, it’s reportedly grouped based on the Sender ID, appearing in the same thread as other messages with the same ID.
The AFP says it conducted an email and text blitz to warn the 130 people they identified who might have been exposed to this scam.
AFP Commander Cybercrime Operations Graeme Marshall said once the funds are transferred to the thief’s wallet, they are quickly transferred through a network of wallets, making seizure or recovery difficult.
The attack mimics another string of scam messages reported by X users on March 14, where fraudulent emails spoofing Coinbase and Gemini attempted to trick users into setting up a new wallet using pre-generated recovery phrases controlled by scammers.
Related: Australia’s ‘Barefoot Investor’ takes on crypto scammers stealing his likeness
The police said red flags for this type of scam include unsolicited contact from someone claiming to be from Binance about an account breach, pressure to act quickly and prompts for a seed phrase.
Binance Chief Security Officer Jimmy Su said in the AFP statement scammers often impersonate trusted platforms, exploiting certain telecom loopholes to manipulate sender names and phone numbers.
Su says Binance has a tool to confirm official Binance channels, and if in doubt, “stop and verify through official sources,” such as the contact information on the official website.
Source: Binance Australia
In December last year, the Australian government announced plans for an SMS Sender ID Register and an enforceable industry standard to crack down on similar scams, which have impacted Australian airline Qantas and tech giant Apple in the past.
Under the standard, telecom companies must determine whether messages sent under a brand name correspond with the legitimate registered sender and submit and provide their legitimate Sender IDs for the register.
The register is set to launch in late 2025, with a pilot SMS Sender ID Register operating as a stopgap in the meantime, according to Australia’s minister for communications, Michelle Rowland.
In August last year, the AFP revealed that a total of 382 million Australian dollars ($269 million) had been lost by Australians to investment scams during the previous 12 months, with around 47% of them being crypto-related.
Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis
