by TheKnack 1352 days ago
I got an email that is made to appear as if it's from Binance today, having never interacted with Binance in any way. The email looks like it could potentially be an actual Binance email someone has copied and modified.

The actual sending domain for the email is sg.djamo.ci. Most of the links in the email are bit.ly redirects to https://bina-defi.net/markets/. Whois lookup for this domain only results in "Whois record is unavailable at this time." The server IP appears to be hosted in Germany at a hosting provider called Xsserver Gmbh. Links to "Binance.com", Unsubscribe, etc. in the email point to sg.djamo.ci and don't work (either that or my Pi-Hole is blocking them).

Everything on the web site prompts the user to connect their wallet. I can't tell if this is an elaborate phishing attempt to drain people's wallets, or a legitimate site that's set up in a way that looks suspicious.

Edit: The footer of the email says the following, in spite of none of the links in the email going to the legitimate Binance.com site:

Kindly note: Please be aware of phishing sites and always make sure you are visiting the official Binance.com website when entering sensitive data.

2 comments

This doesn't even look like an elaborate phishing attempt. It's a pretty standard tactic:

1. make an email look legitimate

2. point to an unrelated scammer-owned domain

3. steal user's financial details (be that a wallet, visa card, bank account, etc).

For anyone else who isn't as familiar with Binance, they always send a pre-defined anti-phishing code in their emails: https://i.imgur.com/JCA3Pvk.png