How To Avoid Binance DEX Phishing Scams — Thanks To MetaCert
- $495 will have been stolen from crypto traders and investors by the time you read this sentence
- 90% of all breaches start with phishing scams
- 93% of all new phishing sites display a padlock in the browser toolbar
- 99.99% of traders and investors look for the padlock and immediately assume they can trust the website
- Checking the URL with your eye is useless — it’s very easy to create a phishing URL that tricks everyone — including security professionals
Everyone has been trained to look for the padlock — so it’s easy for threat actors to trick people into a false sense of security using a free DV SSL certificate that’s issued without any form of identity verification.
A new Binance DEX phishing scam
At the time of writing this article, the phishing site below has yet to be detected and blocked by Google Safe Browser API — so it’s accessible right now via Chrome, Brave, Firefox and Safari
… it’s not detected by any other security solution that I tested either. But I don’t expect it to be — it’s technically impossible for any security company to detect every new malicious URL — IMPOSSIBLE. It doesn’t matter how much AI, computing power or machine learning technology that’s being utilized — it’s still impossible. Companies that pay for multiple solutions from the biggest companies in the world say that phishing is still a massive problem for them.
Like almost every phishing site on the web, it has a DV certificate that was issued by Let’s Encrypt
Here’s what the real Binance DEX website looks like
Below is a screen shot of what happens when you now try to access the phishing site using a MetaCert product or service, or if you use an app or security service that has integrated our patented SDK or API service.
N.B. this site was accessible while using our products and services before a member of our community reported it to us — at which point we classified it. Again, it’s technically impossible for any company to detect every new threat — that’s why we do things VERY different. Keep reading to see into the future of anti-phishing protection and a new way to trust website.
Welcome to the future of online trust, and anti-phishing protection for everyone
At MetaCert we have built the world’s most advanced threat intelligence system / URL classification system. This is in part, due to my R&D which dates back to 2004, when I co-instigated the creation of the Standard for URL classification at the W3C — the Standards body for the World Wide Web, and to a greater extent, because of Kamrul, our amazing Chief Architect — an amazing guy who I’ve worked with for the past 15 years. 🙏
Don’t judge us by what you see on metacert.com — it’s terrible and doesn’t display anything that we have built or sell. But that will change in a few weeks. We can classify URLs in a way that other companies can not. But I won’t bore you with the details surrounding that.
What’s unique and different
MetaCert is completely different because, we believe trying to detect and prevent new threats by itself, is a losing battle. As you can tell from this article, not a single solution we tested blocks this phishing site. And most phishing sites last for only a few hours — that’s all that’s needed for them to get the job done. So by the time a phishing site is taken down many more pop back up again. It’s like playing a game of whack-a-mole.
At MetaCert we focus on “VERIFIED-AS-SAFE”. In other words, while protecting you from known threats, we will tell you with 99.999% certainty, when a URL is verified as safe. And we have verified many millions of them — focusing on the websites that you should care most about.
What it looks like
When using one of our security integrations for desktop internet browsers or native email apps, you will always know when it’s safe to open a link and sign into a website. We provide you with a new shield that turns from grey to green whenever you visit a site that is safe. We make it virtually impossible for anyone to fall for a phishing scam. In fact, we can assert thus far, not a single person has fallen for a phishing scam while protected by MetaCert.
How MetaCert protects you from this new scam with zero-second security
Look at the screen shot below, this site displays a grey shield on the toolbar — every MetaCert customer knows that this means “caution” — especially if it’s likely to be verified and therefore likely to display a green shield.
Below is what the real Binance DEX website looks like when you’re protected by MetaCert.
If the shield is green, you know you’re safe. That’s it. Simplicity for the consumer, because it’s outrageously well engineered on the backend.