Telegram Scammer Attempting To Impersonate Binance Support

The channel was quickly classified by MetaCert, and has since shut down, but beware any unsolicited invites on Telegram.

A budding scam on Telegram, that has cropped and closed up shop over the course of investigation, took the temporary form of channel h[xx]ps://t.me/cryptoeducations, where a user impersonating a member of the Binance team had pinned a message asking people, chief among all things not to spam.

The request not to spam is absurd, considering the fact that group members like “Maggie Campbell” were busy spamming seemingly random people with invites to the group. A bot operating in the background wipes away any lasting messages regarding who invited whom, but there’s a small delay, and in that brief time Maggie’s work was exposed:

The bot wipes away any invites as soon as they take place, often before the invite message fully materializes.
If the owner of this account adds you to any groups, its a good idea to leave those groups and block them too.

By the way if you’re curious, I went ahead and checked out Binance’s official site to see if any new channels had cropped up, and I couldn’t find anything.

To take things further a member of our team went into the channel and asked for an explanation regarding the impersonation of Binance support staff only to be banned and have their messages subsequently deleted.

I have obfuscated the identities of the Telegram accounts used to investigate this scam.

Another account we used to investigate the channel took a softer approach, simply inquiring about the group and asking for an admin, which was met with a response, and some heckling from scrutinizing users who heckled the group as a scam, and were deleted. The admin/scammer impersonating Binance Support, in the meantime, directs our investigator to correspond via direct messages (DMs).

I have obfuscated the identities of the Telegram accounts used to investigate this scam.

In DMs, the scammer asks our investigator “what kind of coin do you need to exchange?” and asks for a corresponding wallet address. They go on to inquire about a Binance username, and associated email address, whether or not they have sold their hodlings, how much ETH our investigator intends to sell. The scammer then offers to “do exchange [sic] manually.” When questioned as to whether they are located in China, the impersonator responds yes and goes on to say they will prepare an address for an ETH transfer at a rate of 300USD=1ETH, which is a premium rate in the current bear market. Finally, the scammer asks for bank credentials “following tranlsation” which was probably a typo for ‘transaction.’

In all, this is an unsophisticated phishing attempt, an attack that takes advantage of the fact that many people haven’t edited their Telegram settings to restrict involuntary adds to groups. It also relies on the hopes that users added who see the name “Binance Support” as the administrator will not be skeptical and check it against Binance’s official website, which lists all of the cryptocurrency exchange’s official communication channels. At an early stage, these red flags and the small number of users in the group might be enough to suggest to anyone who stumbles across the group, or is added, that it’s a scam.

However, with agents inviting users involuntarily, it doesn’t take much time for the number of members in a channel to swell. In addition, admins working the channel will allow messages that promote the scam to filter through while grooming negative posts from users that cast doubt or expose the scam. Growing the membership of a channel to a significant number, even if those accounts are fake, and controlling the flow of content from onset to make the channel appear legitimate are tricks that go a long way to helping scammers sink their teeth into unsuspecting users who are simply turning to what they believe is a support team, to get help.

What Can You Do?

By the way, if you don’t want this to happen to you, you can easily edit your preferences on Telegram to prevent such involuntary invitations. Click on the settings icon, navigate to “Privacy and Security” and click where it reads “Groups.” A menu on the next screen will provide you options to delineate between who may add you to group chats. Choosing “My Contacts” over “Everybody” will give you a great degree of privacy, and should put an end to the spammy groups currently in bloom on Telegram.

If you’re an admin for any sized Telegram group, keep your members safe from malicious actors introducing links that lead to scams like the telegram room listed above, by inviting MetaCert’s Telegram Bot to your channel today. The MetaCert Bot operates behind the scenes, checking the safety of every web resource posted inside your group, including cryptocurrency addresses. If a bad resource is posted, the bot warns the group. Today our bot is protecting over 1,000,000 users on Telegram, and we expect that number to continue to grow.

MetaCert Protocol is the best in the world at one thing — URL Classification.

MetaCert Protocol is decentralizing cybersecurity for the Internet, by defining ownership and URL classification information about domain names, applications, bots, crypto wallet addresses, social media accounts and APIs. The Protocol’s registry can be used by ISPs, routers, Wi-Fi hotspots, crypto wallets and exchanges, mobile devices, browsers and apps, to help address cyber threats such as phishing, malware, brand protection, child safety and news credibility. Think of MetaCert Protocol as the modern version of the outdated browser padlock and whois database combined.

Find out more about the MetaCert Protocol, ask questions, and leave suggestions on both our White Paper and Technical Paper. You can also join our Telegram community to stay up to date on our blockchain project. Remember to install Cryptonite to protect yourself from phishing scams before it’s too late.