Bitcoin Forum

Today, to login binance, I used google search (lazy ass) and click on google top ad (stupid of me). I check https and certification was secure and the name (nothing wrong there), and after entering my password and code for two step authentication, it displayed this massage:

Due to the implementation of new security measures you will be able to login 24-48 hours later.
Sorry for the inconvenience


I got suspicious, so I typed the address and went back and googled the massage and I came across this page (https://steemit.com/cryptocurrency/@nomader/warning-google-help-crackers-with-fishing-site). Apparently the displayed name in the url with valid certification has a small dot under n. So I was hacked, lucky me I change my passwords and my authentication method asap. But It was headache and normally it is not easy to spot this. You can also copy past the fake binance.com in a notepad and see that original url is : (https://www.xn--binace-zt7b.com/).

I know I was sloppy (even being normally paranoid about everything).
I am putting this here to stop anybody losing his BTCs.

EDIT:
Currently, the link is being redirected to the main website! which is really strange! It sounds like the hackers now redirecting the link true their server to avoid people knowing about them!


(https://www.xn--binace-zt7b.com/), hold you mouse pointer on the link and look for the bottom left corner of your browser, you can see the"." under n in their fake binance.com! I am now sure actually that they are redirecting to the main to avoid losing their phishing method!

This redirecting happened recently!

Phishing sites started to use this method, using non latin characters, that look like latin characters, on domain names to fake the site. Beware about this method on all sites you use for trading and instead of google search or clicking links, manually type the site names.

Are you sure the fake link you provided is a phishing link? I opened it on a VM and it just redirects me to the real binance, but with a referral link.

302 redirect brought me to binance.com/?ref=40581024

This is happening a lot and due to this when you login to original binance site you get this days this Safety Risk Notice. They have mentioned some points which as a user needs to take care while login to the exchange. Consider it as a important safety measure which they are notifying their users right in the front page after login happens successfuly.

Phishers are becoming more and more sophisticated in designing their phony websites. There's no surefire way to know if you're on a phishing site, but here are some hints that can help you distinguish a real website from a phishing site. Check the Web address. Just because the address looks OK, don't assume you're on a legitimate site. Look in your browser's URL bar for these signs that you may be on a phishing site:

1 - Incorrect company name. Often the web address of a phishing site looks correct but actually contains a common misspelling of the company name or a character or symbol before or after the company name

2- A missing forward slash. To verify that you're on a legitimate site, make sure a forward slash ( / ) appears after ".com" in the URL bar.

You're not the only one fell into the trap like this and not only Binance, Myetherwallet also has the same kind of phising site. Only 1 careless second you can lose everything you earned for years. You should be more careful next time to not give any free money for hackers and lazy fucking guys just wanna hack money from other people anymore.

Wow, I I feel your pain, have u try contacting you binance support?

It was redirecting to fake one, and now what you are saying happening that is confusing! maybe Binance.com was somehow involved or were hacked or they just toke over the fake website (I am not accusing anybody, I am just confused!!!)EDIT: check the original post!

Here is the screenshot of the google search and the top ad:

https://image.ibb.co/iDDu4R/binancefake.png

The only way now I can find  to avoid this problem is to check the certification of the website and issuer by clicking on the secure icon (green) in the browser:

Binance.com has certification from comodo (the authority of issuing some of the https certification)

while the fake one has a weird certification issuer and company name was :xn--binace-zt7b

exactly, I think we should be more careful and educate people to avoid this problem!

I did not lose anything, and I was fast to change my password, my authentication method, etc! But I should contact them, to just let them know!

The news that the world's largest exchanges - Binance, Bitfinex, Bittrex - suspended registration of new users, or tightened registration conditions, only spurred most of the newcomers to buy crypto currency (especially with such a strong fall of bitcoin) and try to register on the stock exchanges all the truth.

Of course, on this wave enterprising swindlers decided to sell accounts on stock exchanges. The price of the account today depends on the degree of verification that the user has passed and at the moment reaches 15 BTC! You will be surprised, but many did not at all confuse such a "gypsy" scheme of buying an account. Perhaps in the pursuit of the dream of becoming a bit-keen multi-billionaire, enthusiasts simply did not calculate that even after changing the password, the swindler can easily regain the account and skimp on all your hard-earned money somewhere in Thailand.

You most definitely should but thank you for bringing it to our attention because now investors who visit bct can now beware of this problem as well. Glad you didn't lose anything either that would have been a shitty situation.

Binance for example, This is almost a converted Forex. So I and possibly many other users do not strongly respect this exchange and do not consider one of the leaders in the trade in crypto currency. But in general, information is confirmed in many media.

Thanks for the fair warning. I have no Binance account but this would really help a lot of members to try and be sure that they are in the correct URL so that they are not going to be phished and loss their coins on the exchanges. That's why its important to bookmark the trading platform, there are a lot of hackers who will do anything to stole money out of their unsuspecting victims.

I'm sure that there are already who fall for this and can't do anything but to blame themselves because of their mistakes. Very hard lessons to swollen and it comes at a big cost for others. Good thing though that you are really quick to change everything.

It would have been, i agree!  ;)

I would be happy if I could have helped people for losing their investment.
Bookmarking is a good idea, I will do it to avoid feuture problem with other websites!

There's always a phishing attacks and spams in the crypto space. People have always been scammed one thing or the other.
It all boils down to being self secured and never clicking on untrusted links.
Thanks for bringing up this here, everyone gotta be extra careful.

That was a close one and luckily you did able to change password before the hacker did able to stole funds inside that account. Even my eyes fooled me in my first glimpse of the phishing site which it do have actually a small dot under that letter i. If you are really very lazy then checking this small difference of detail cant really be noticed which you would really end up on entering your credentials.

Yes, i agree with you mate. Well, to avoid from fake website(binance) or phishing site. You always check if that website that you browse are in a security padlock mode if you don't see that sign you might in wrong website that you transacted.

The Google ad Top is a legit site based on my own search. Maybe it depend on search filter per location and unfortunately you hit that scam site. I checked all details and still the top search with ad ended up as a legit one as far as my own location is concerned. You can also report that to Google for them to erased that link on seach result.

Anyways thanks for the warning and people must always look at the url if it's correct. For more security, enabled 2FA and bookmarked the official url of Binance which is https://www.binance.com .

Some Advise according to my experience and knowledge,

Never Google to login Crypto Exchange, Forex, Stocks and Bank website
If you frequently Use just bookmark if you are lazzzzzzzzzzzzy if not type proper Secured website
Never Hold the amount of Crypto in Exchange which you can't Loose
Always better option for saving your crypto is in offline wallet which is properly encrypted and save your backup in several different location.

Exchange is never safe, Not only hacking there are so many example of shutdown of exchanges so Please just leave that amount of Crypto which you are able to loose in Exchange Wallet rest please save your personal hand.

No Obligation to anyone this is 100000% my opinion
Thank Good Luck

This has happened to me in so many times, this is familiar with mew's problem. There are so many scammers are trying to copying or at least make the same domain site to fool us. I ever meet the same  domain but after I was clicking it and it redirects me to the fake site. that's why we must check it for twice or even third times.

I cannot believe something like that can happen! So basically google offers you to click on a website where Binance is written with Korean alphabet where the "i" of Binance has a little dot below which is not an "i"? And this send you to the phishing site, right?
I feel Google should be held accountable for that...

right, that "i" was two days ago, which was mentioned in that blog! For me the dot was below n and it fooled me!

Currently, the link is being redirected to the main website! which is really strange! It sounds like the hackers now redirecting the link true their server to avoid people knowing about them!


(https://www.xn--binace-zt7b.com/), hold you mouse pointer on the link and look for the bottom left corner of your browser, you can see the"." under n in their fake binance.com! I am now sure actually that they are redirecting to the main to avoid losing their phishing method!

This redirecting happened recently!

Try to invest on buying trezor to have a secured savings other that leaving it on mew or exchanges, it's much safer that keep on putting our private keys, and always bookmark most recent exchange or site to avoid phising sites, scammers were everywhere so be careful.

Thanks for the information.
Bookmark will be the answer and they are always telling this with trading and wallet websites. Bookmark as soon as you can so that just one letter typed in the URL will get you to the right place.
This phising methods have been really active since there is a lot of money involved with crypto currency.
Let us all be careful on what we will open. A triple check is a must now.

Sorry about that but then you have to learn to be very vigilante.In fact i use a protocol which i follow strictly when logging into most of the exchange sites i have accounts on.No messing around else whilst you are working hard to make money,an unscrupulous person somewhere is learning how to steal your money.

You can take revenge, now that we see that philsting domain redirects to a ref link of the hacker, you can report that link to Binance to investigate that referral link owner. Or this story is just a fabricated so you can insert your ref link?

Well that is very fatal how you transfers money to the website without ensure link before .
And i think any exchange now requires turn auth f2a before login . Deposit and withdraw .
Sorry for your loss dude.

Wow this is new. As a Binance user, thank you for the warning, Luckily I did not experience this one because I just usually google Binance.


I agree, I am bookmarking the correct website as I speak. I never thought that these scammers/hackers will think of something like this. Traders will need to be more vigilant this days as this scumbags are thinking of new ways how to victimize people.

I agree . anyway in sending the money sure also my eyes will go straight to the www before doing anything.
maybe he rushes and just realized after he sent. or maybe he's sleeping less than out concentration. bit sad to loss like that way.

Those phishing sites usually appear in the top ads of google so if you always use a site, always bookmark it especially if it involves money because these sites are usually the target of phishers. There have been many phishing attempts every where whether it is in e-mail or in google so we should always be vigilant when it comes to sites and triple check the URL. MEW has a warning always at the top because there are so many victims of being phished copying their site. There is a chrome extension called Cryptonite by Metacert. When you access a site, a green bar appear at the top if it is a verified crypto site. You can search it in the chrome webstore.

The ref number keep changing, too. The story is true, I will report the binance.com, ASAP. Here is the explanation for redirecting I posted yesterday:

Currently, the link is being redirected to the main website! which is really strange! It sounds like the hackers now redirecting the link true their server to avoid people knowing about them!


(https://www.xn--binace-zt7b.com/), hold you mouse pointer on the link and look for the bottom left corner of your browser, you can see the"." under n in their fake binance.com! I am now sure actually that they are redirecting to the main to avoid losing their phishing method!

This redirecting happened recently!

If you do try to read up you would able to find out that OP didnt lose up money since he did able to change password it directly when the time he realized that he was being phished by that site.I have checked now on google search and same as being said by most people here it is directly going to the original site with referral link.
If we do know these indications we are most likely not to be easily hacked or phished by somebody.Talking about MEW i do really love their caution message pop-up on the site which is really helpful on people to keep reminders on accesing the legit site and avoiding phishing sites.

Very clever. This way they can carry out a sort of "plausible deniability", claiming it has always redirected only to the correct sire. And they can perhaps avoid losing their google ranking and indexing. And whenever they feel in the mood again they can switch back the link yo their phishing site.

Exactly, i think they can hack people time to time and collect some coin here and there! I hope people read and take necessary precautions.

I would suggest that you should bookmark the real binance site to avoid again logging into these phishing  site that could take all your investment injust an instant or it can also hack your email if you have same password with it. Also try checking the coinmarketcap to see the legit sites of exchangers for your references

To avoid having to log in to fake websites of commercial sites, type the name of the trade page for the first time then save the bookmark of the browser you are using and the next time you log into the merchant site just open the bookmark and log in to your account. That's one way I usually use to avoid logging in to fake business sites.

It is not something new,hackers use Google ads to place their phishing sites on number one search results based on key words.Since cryptocurrency is very popular these days,many users lost their money by downloading fake wallets like Electrum or to log in to fake sites.Unfortunately "mighty" Google do not check to whom they sell advertisements,it is important for them to take money first and for deceived users they have report page where you can report phishing sites.

https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

Can someone explain why when you type in binance on google or other similar sites the first link or two links that shows up on the top are the google ads links with the supposed site?  Why has those not been taken down?  Because if you are not careful, you could easily click on it like the original poster.

Personally I think google does things automatically, unless we report it and they investigate it!

next time you should be more careful in accessing all trading sites.
before binends, poloniexes and bittrex were the two big makets that often got similar problems.
I read a lot of this.

hopefully you get a lot of experience from this.
support binends are the best at the moment.
but I'm not sure if I would accept such a thing for their site.

Thanks OP for sharing your experience. I've been reading up all sorts of things and it freaks me out how easily can ppl get hacked. How long more to read before I feel safe to invest?  ???

This is why it is important to always keep those kind of sites bookmarked, this should be done for all the websites where you can transact money or where you have an important account, so keep bookmarks of your email providers, paypal, your bank, the exchanges you use, your wallets and bitcointalk that way you will avoid the most dangerous phishing sites.

You are never safe in the internet, but you can make the cost and effort of being hacked high! ;)

It is always better to be careful logging into your account using Google. Save the URL somewhere and make use of most times

I'm just curious how these phishing sites succeed when binance requires 2FA to login? Even if they get your password they still need access to your phone too.

Holly molly I would never have noticed those two dots. Scammers getting more and more creative. This is just a reminder to be sharp, always.
So simple, but I bet that they have scammed a lot of people with this one.

These scammers are turning to pros. It's really bad to see this nor help the crypto.
Those two dots are very hard to see. I would fall for that.

Hm, it's very well thought out. My computer wouldn't let me to that site at first place, but people could be fooled very easily with this one.
I'm suspicious about everything and this is a good reason why.

Be careful with your property because there are now a lot of scammers by using site addresses like Binance to cheat investors. Use bookmarks and 2FA security to protect your account, which is the best way to avoid property theft.