How scammers tried to deceive an AML Crypto employee through the P2P version

You have decided to carry out a P2P transaction to exchange cryptocurrency for fiat with withdrawal to your bank card. You use Binance P2P or another platform as a tool. You create an advertisement for the sale of cryptocurrency. A scammer responds to your ad.

The fraudster changes this transaction to «paid» status. In fact, the funds were not sent to you. The platform asks you for confirmation of payment.

A fraudster in the transaction chat, masquerading as a Binance technical support employee, writes that you have violated the Binance rules and your account will be deactivated. He states that you should confirm receipt of funds for the transaction and you will be given instructions on how to avoid blocking.

If you confirm receipt of payment, your cryptocurrency will be unlocked for the scammer. He removes it from the platform and you are left to deal with real technical support.
Fraud scheme
One day, an AML Crypto employee decided to exchange cryptocurrency through a P2P transaction on Binance with withdrawal to a bank card.

The first step was to study the difference in rates for buying and selling the USDT token. The difference between the best bid prices turned out to be significant - 0.25 MDL ($0.014 for each token).

Screenshot 1. Binance. P2P trading. Advertisements for selling USDT for MDL

Screenshot 2. Binance. P2P trading. Advertisements for purchasing USDT for MDL

Therefore, we decided to place our ad. We were in no hurry to exchange cryptocurrency and set ourselves the task of exclusively favorable conditions for exchanging cryptocurrency. This is how we placed our advertisement for the sale of cryptocurrency.

Screenshot 3. Binance. P2P trading. Announcement of sale of 1110 USDT at the rate of 18.05

A buyer for our cryptocurrency was quickly found. The buyer initiated a transaction based on our ad. And he turned out to be a fraudster.

Immediately after the initiated transaction, a fraudster under the guise of a “Pseudo-employee of Binance technical support” writes to us about a violation of the Binance terms of use.

And since there was no response from us, the scammer transfers the transaction to the “Paid” status.

Screenshot 4. Binance. Chat communication between the parties to the transaction

But since we did not react to this message in any way, the attacker decides that perhaps we did not see the message. Therefore, he indicates that he allegedly made a bank transfer for our transaction.
What is the scammer counting on?!
Most likely, the scammers believe that we will respond to the message and they will continue to play the show with “pseudo” technical support.

After all, it’s true that you will see a message that your account is about to be blocked, and all you need to do to avoid this is close the deal.

Please also pay attention to one feature in how the text is written:
The text is not in English and does not match the interface language.
The attacker comes from the region of your bank, assuming that the language of that country is understandable to you. In our case, the currency was Moldovan leu, and the scammer assumed that we spoke Moldovan.
The text does not appear uniform.
This is due to the fact that the text is written in two languages, English and Romanian. Therefore, Binance’s internal anti-fraud systems do not detect suspicious text because it is not translated and, as a result, the context of the fraud is not identified.
When Binance recognizes fraudulent intent, the system alerts the client of the risk:

The attacker writes “Binance Support” at the beginning of each message to mislead the user about who he is communicating with:

Screenshot 5. Binance. Chat communication between the parties to the transaction

To give you less time and more stress, scammers switch to appeal mode.

They mean you are not releasing the cryptocurrency, but they supposedly paid for everything. The attackers understand that Binance will not connect instantly and there is an opportunity to put the squeeze on you.

Screenshot 6. Binance. Chat communication between the parties to the transaction

Meanwhile, they begin to put emotional pressure on you:

Screenshot 7. Binance. Chat communication between the parties to the transaction

An AML Crypto employee decides to play along with them to understand what will happen next:

Screenshot 8. Binance. Chat communication between the parties to the transaction

Remember, P2P transactions involve a direct transfer of fiat funds from one user to another. Funds do not go through exchange bank accounts.

At this point, it is correct for the user to file a counter-appeal in the transaction, attaching all evidence that you did not receive the funds. And under no circumstances confirm receipt of funds if you have not received them.

In our case, the evidence was provided in the form of an explanation of the circumstances, emphasizing that the user was pretending to be a technical support employee, as well as a video demonstration, which showed that there was no credit to the specified card.

Most likely, scammers will continue to try to convince you that they are Binance support employees, causing you to fear that if you do not confirm receiving funds from them now, your cryptocurrency will be blocked, as well as your account itself.

Screenshot 9. Binance. Chat communication between the parties to the transaction

The scammers also tried to introduce “Customer Support” into this role-playing game, but we were not interested in this:

Screenshot 10. Binance. Chat communication between the parties to the transaction

We ended this dialogue with a phrase about who we are and provided our site to the scammers.

The scammers turned out to be curious people; they actually visited our site :)
They watched us through a VPN from the Kenya region (Nairobi), from a monitor with a resolution of 1920x1200 pixels, with the Windows 10 operating system. ClientID: 1700817676483300689

Well, after getting acquainted with our activities, we decided to cancel our appeal. They have no other complaints that we do not release cryptocurrency. And we don’t say goodbye to you, but say until we meet again.

Screenshot 11. Binance. Chat communication between the parties to the transaction
Check blockchain address using Btrace
In seconds, determine the risk level of the counterparty’s address, find out the source of his funds and make an informed decision about interacting with him.




We also recommend