Once an employee of AML Crypto decided to exchange cryptocurrency via P2P transaction on Binance with withdrawal to a bank card and stumbled upon a scammer. Only if the attacker knew who he wanted to scam…

INTRODUCTION

You have decided to carry out a P2P transaction to exchange cryptocurrency for fiat with withdrawal to your bank card. You use Binance P2P or another platform as a tool. You create an advertisement for the sale of cryptocurrency. A scammer responds to your ad.

The fraudster changes this transaction to «paid» status. In fact, the funds were not sent to you. The platform asks you for confirmation of payment.

A fraudster in the transaction chat, masquerading as a Binance technical support employee, writes that you have violated the Binance rules and your account will be deactivated. He states that you should confirm receipt of funds for the transaction and you will be given instructions on how to avoid blocking.

If you confirm receipt of payment, your cryptocurrency will be unlocked for the scammer. He removes it from the platform and you are left to deal with real technical support.

FRAUD SCHEME

One day, an AML Crypto employee decided to exchange cryptocurrency through a P2P transaction on Binance with withdrawal to a bank card.

The first step was to study the difference in rates for buying and selling the USDT token. The difference between the best bid prices turned out to be significant — 0.25 MDL ($0.014 for each token).

Therefore, we decided to place our ad.

We were in no hurry to exchange cryptocurrency and set ourselves the task of exclusively favorable conditions for exchanging cryptocurrency. This is how we placed our advertisement for the sale of cryptocurrency.

A scammer appears.

A buyer for our cryptocurrency was quickly found. The buyer initiated a transaction based on our ad. And he turned out to be a fraudster.

Immediately after the initiated transaction, a fraudster under the guise of a “Pseudo-employee of Binance technical support” writes to us about a violation of the Binance terms of use.

And since there was no response from us, the scammer transfers the transaction to the “Paid” status.

But since we did not react to this message in any way, the attacker decides that perhaps we did not see the message. Therefore, he indicates that he allegedly made a bank transfer for our transaction.

What is the scammer counting on?!

Most likely, the scammers believe that we will respond to the message and they will continue to play the show with “pseudo” technical support.

After all, it’s true that you will see a message that your account is about to be blocked, and all you need to do to avoid this is close the deal.

Please also pay attention to one feature in how the text is written:

1. **The text is not in English and does not match the interface language.**The attacker comes from the region of your bank, assuming that the language of that country is understandable to you. In our case, the currency was Moldovan leu, and the scammer assumed that we spoke Moldovan.

2. **The text does not appear uniform.**This is due to the fact that the text is written in two languages, English and Romanian. Therefore, Binance’s internal anti-fraud systems do not detect suspicious text because it is not translated and, as a result, the context of the fraud is not identified.

When Binance recognizes fraudulent intent, the system alerts the client of the risk:

The attacker writes “Binance Support” at the beginning of each message to mislead the user about who he is communicating with:

Emotional pressure on the “victim”.

To give you less time and more stress, scammers switch to appeal mode.

They mean you are not releasing the cryptocurrency, but they supposedly paid for everything. The attackers understand that Binance will not connect instantly and there is an opportunity to put the squeeze on you.

Meanwhile, they begin to put emotional pressure on you:

We’re playing along with a scammer.

An AML Crypto employee decides to play along with them to understand what will happen next:

At this point, it is correct for the user to file a counter-appeal in the transaction, attaching all evidence that you did not receive the funds. And under no circumstances confirm receipt of funds if you have not received them.

In our case, the evidence was provided in the form of an explanation of the circumstances, emphasizing that the user was pretending to be a technical support employee, as well as a video demonstration, which showed that there was no credit to the specified card.

Most likely, scammers will continue to try to convince you that they are Binance support employees, causing you to fear that if you do not confirm receiving funds from them now, your cryptocurrency will be blocked, as well as your account itself.

The scammers also tried to introduce “Customer Support” into this role-playing game, but we were not interested in this:

CONCLUSION

We ended this dialogue with a phrase about who we are and provided our site to the scammers.

The scammers turned out to be curious people; they actually visited our site :)They watched us through a VPN from the Kenya region (Nairobi), from a monitor with a resolution of 1920x1200 pixels, with the Windows 10 operating system. ClientID: 1700817676483300689

Well, after getting acquainted with our activities, we decided to cancel our appeal. They have no other complaints that we do not release cryptocurrency. And we don’t say goodbye to you, but say until we meet again.