Fake crypto exchange KYC identity verification phishing — Binance/Coinbase/Kraken impersonation demanding government ID upload or account will be frozen/suspended + AML compliance pretext + sender domain is always a lookalike, never the real exchange domain

Phishing emails impersonating cryptocurrency exchanges (Binance, Coinbase, Kraken, Bybit, Crypto.com, KuCoin, OKX, Gemini, Bitstamp) with fake mandatory KYC (Know Your Customer) or AML (Anti-Money Laundering) compliance demands — the email threatens account suspension, withdrawal freeze, or funds lock unless the victim uploads government-issued ID, passport, and proof of address within 24-72 hours. Key facts: (1) Legitimate exchanges do require KYC, but these requests come from within the platform app after login — never as unsolicited cold emails with external upload links; (2) The sender domain is always a lookalike (binance-kyc-center.com, coinbase-account-verify.net) — real Binance emails come from @binance.com only, real Coinbase from @coinbase.com; (3) The "AML compliance review" pretext adds official-sounding legitimacy — FinCEN and FATF regulations are real, but enforcement happens through the exchange platform, not via email ultimatums; (4) Uploaded government IDs are used for identity theft, fraudulent account openings, or sold on dark markets; (5) The "funds will be locked" threat creates urgency that bypasses critical thinking. Warning signs: non-official sender domain, 24-72 hour ultimatum, request to upload ID to external site, "regulatory compliance" language.