Have you ever received an email from "Binance" claiming your account has a security risk and needs immediate attention? Do not rush to click that link — it is very likely a phishing email. Binance's anti-phishing code feature is your weapon for identifying real versus fake emails. Set it up now on the Binance official website or the official Binance app. iPhone users see the iOS installation guide.
What Is an Anti-Phishing Code?
An anti-phishing code is a special string you create yourself (text, numbers, or symbols). Once set, every official email from Binance will include this string.
If you receive an email claiming to be from Binance but it does not contain your anti-phishing code, it is 100% a phishing attempt — delete it immediately.
This feature is simple but extremely effective. Scammers do not know your anti-phishing code, so their forged emails can never contain the correct one.
Setup Steps
Step 1: Go to security settings
App: Profile > Security > Advanced Security > Anti-Phishing Code Web: Avatar > Security > Anti-Phishing Code > Set
Step 2: Enter your code — Create a 4-20 character combination. Tips: avoid simple strings like "1234," do not use your name or birthday, consider using an abbreviation of a phrase only you know. Remember it or store it safely.
Step 3: Complete verification — Enter SMS and/or Google Authenticator codes to confirm.
Step 4: Verify it works — Next time Binance sends you an email (login notification, withdrawal confirmation, etc.), your anti-phishing code will appear, typically at the top or bottom of the email.
How to Identify Phishing Emails
Beyond the anti-phishing code, these characteristics help spot fakes:
Check the sender address: Official Binance emails come from specific domains (@binance.com, @post.binance.com, etc.). Unusual domains like [email protected] are fake.
Examine the content: Phishing emails create urgency ("your account will be frozen in 24 hours"), request you to click links and enter passwords, contain grammar errors, and may not address you by name.
Inspect link URLs: Hover over links (do not click) to see the actual URL. The official domain is binance.com. Links to other domains (binance-security.com, binancelogin.net, etc.) are phishing.
Use Binance Verify: Binance's official verification tool lets you check email addresses, phone numbers, and URLs to confirm they are legitimate Binance channels.
Common Phishing Tactics
Tactic 1: Fake security alerts — Emails claiming "unusual login detected, click here to verify your identity." The link leads to a fake login page that captures your password.
Tactic 2: Impersonating support — Someone on social media privately messages claiming to be "Binance support" and asks for your password, verification codes, or to transfer funds. Real Binance support never initiates contact and never asks for passwords.
Tactic 3: Fake airdrops/rewards — Messages saying "you won a Binance airdrop, click to claim." Links lead to phishing sites requesting wallet connections or passwords.
Tactic 4: Fake apps — Counterfeit Binance apps distributed through unofficial channels. After installation, every credential you enter is sent to scammers. Always download from official sources.
Additional Security Advice
Do not click search engine ads: When searching for "Binance," some ad links may be phishing sites. Type the official domain directly or use bookmarks.
Bookmark the official site: After confirming you are on the real website, immediately save it as a bookmark and always access it from there.
Avoid public WiFi for logins: Public WiFi can be monitored. Use mobile data if you must access Binance away from home.
Change your anti-phishing code periodically: Update it every few months for enhanced security.
Setting up an anti-phishing code takes just 1 minute, but it is one of the simplest and most effective defenses against phishing attacks. If you have not set one up yet, do it now.