How to report a phishing scam to Binance security team?

Reporting Phishing Attempts to Binance

1. Immediately cease all interaction with the suspicious message, link, or website. Do not enter credentials, download attachments, or transfer funds.

2. Capture full screenshots of the phishing content — including URL address bars, message headers, sender details, and any visible branding used to impersonate Binance.

3. Submit the evidence via Binance’s official Security Incident Reporting Form, accessible only through the verified Binance Help Center portal at support.binance.com — never through third-party links or search engine results.

4. Forward phishing emails directly to phishing@binance.com with subject line “PHISHING REPORT” and include raw email headers if possible.

5. Report WhatsApp-based impersonation attempts by forwarding the entire chat thread (with timestamps and contact info) to Binance’s verified Telegram channel @Binance_Support — only after confirming the channel’s authenticity via the official Binance website.

Fake Domain Identification Tactics

1. Scammers register domains mimicking Binance’s official structure — examples include binance-support.net, binance-secure.org, and binnance.com — all lacking HTTPS lock icons or displaying certificate warnings in browsers.

2. Legitimate Binance domains strictly use binance.com as the root; any variation with hyphens, extra letters, or alternate TLDs (.org, .net, .xyz) is unauthorized and malicious.

3. Browser address bars may display deceptive subdomains like “support.binance-com-login[.]xyz”, where the real domain appears buried after a dot — always inspect the final segment before the slash.

4. Fake sites often replicate login pages with pixel-perfect fidelity but omit two-factor authentication prompts or display inconsistent UI elements such as misaligned logos or outdated language toggle options.

5. DNS lookup tools reveal that fraudulent domains frequently resolve to IP addresses hosted in jurisdictions with weak cybercrime enforcement — notably Cambodia, Nigeria, and Russia.

WhatsApp Impersonation Red Flags

1. Unsolicited messages claiming account suspension, KYC verification failure, or urgent wallet maintenance — Binance never initiates contact via WhatsApp for operational alerts.

2. Requests for screenshots of your Binance app interface, seed phrase recovery words, or SMS one-time passwords — these are absolute violations of Binance’s security policy.

3. Use of unofficial profile pictures, absence of blue verification badge, and inconsistent naming conventions — e.g., “Binance Official Support Team” instead of “Binance Support”.

4. Messages containing shortened URLs, Bit.ly redirects, or QR codes pointing to non-binance.com domains — all serve as gateways to credential harvesting portals.

5. Pressure tactics involving countdown timers, threat of permanent fund freezing, or fabricated legal consequences — designed to override rational verification behavior.

Internal Account Compromise Indicators

1. Unexpected API key creation without user initiation — visible under Wallet > API Management — often accompanied by unfamiliar IP geolocations or device fingerprints.

2. Unexplained withdrawals routed to newly added whitelisted addresses outside your historical pattern — especially those registered within minutes of a suspicious login.

3. Sudden deactivation of Google Authenticator or SMS 2FA without manual intervention — signals backend session hijacking or SIM swap exploitation.

4. Email notifications showing logins from unrecognized cities, time zones, or browser agents — particularly when originating from Tor exit nodes or VPS providers.

5. Appearance of phantom trading bots or auto-withdrawal scripts in Futures or Margin accounts — deployed silently through compromised API permissions.

Common Questions and Direct Answers

Q: Can I report a scammer’s WhatsApp number directly to Binance?Yes — forward the full chat history and number to @Binance_Support on Telegram, then file a concurrent report with your local cybercrime unit using the evidence package.

Q: Does Binance refund funds lost to phishing scams?No — Binance explicitly states it does not reimburse losses resulting from user disclosure of credentials to third parties, regardless of deception level.

Q: How do I verify if an email claiming to be from Binance is authentic?Check the sender’s domain — only emails ending in @binance.com are legitimate; reject any from @binance-support.org, @binance-security.net, or similar variants.

Q: What should I do if I entered my password on a fake Binance site?Immediately change your Binance password, revoke all active API keys, disable SMS 2FA, enable Google Authenticator, and scan your device for keyloggers using Malwarebytes or Windows Defender.