The Binance Anti-Phishing Code is a string of 4-20 characters that you set yourself. Once enabled, this code will appear at the top of every official email Binance sends you—if it's not there, it's a phishing email. Setup takes only 1 minute and can intercept 99% of Binance phishing emails. Before any account operations, verify your identity on the Binance official website, get the APK from the official Binance APP, and find all platform processes at the Download Center. This article explains the key points of setup and usage.
How the Anti-Phishing Code Works
Common tactics used in phishing emails:
- Attackers forge a Binance email (the sender shows [email protected]).
- The email content looks real (sometimes including the logo and correct formatting).
- Links point to a phishing site.
- Users log in through the link, and their account password is stolen.
How the Anti-Phishing Code breaks this:
- You set a string that only you and the Binance server know.
- When Binance sends an email, it places this string at the very top.
- Attackers do not know your code, so forged emails will lack this string.
- When you see an email without the code, you know it's fake.
Simple and effective, with almost zero cost.
Setup Steps
1. Enter Settings
- APP: "Account → Security → Anti-Phishing Code"
- Web: Top-right Avatar → Security → Anti-Phishing Code
2. Set Your String
Enter your own string:
- Length: 4-20 characters.
- Characters: English letters + Numbers (case-sensitive).
- Avoid: Your name, birthday, phone number, or easily guessable passwords.
Recommended Examples:
Coffee2024SunDragon99XSunset_QXMyOwnCode42
Examples to Avoid:
binance2026(contains "binance")password(too common)123456(weak password)张三(Chinese characters not supported)
3. Verification
After entering it, the system will send a test email to your registered address with the string displayed at the top.
Confirm after receiving the test email:
- The email is from [email protected] or @post.binance.com.
- Your Anti-Phishing Code is clearly displayed at the top.
Once confirmed, the Anti-Phishing Code takes effect.
All Future Binance Emails
After setup, every official email from Binance will display your Anti-Phishing Code at the top:
| Email Type | Code Displayed? |
|---|---|
| Registration Confirmation | ✓ |
| Login Notification | ✓ |
| Withdrawal Confirmation | ✓ |
| Deposit Successful | ✓ |
| Security Setting Change | ✓ |
| KYC Audit Results | ✓ |
| Announcements | ✓ |
| Marketing Promotions | ✓ |
| Support Replies | ✓ |
Any "Binance email" without the Anti-Phishing Code is 100% a phishing email.
Common Characteristics of Phishing Emails
Besides missing the Anti-Phishing Code, phishing emails often have these traits:
1. Sense of Urgency
An anomaly detected in your account; it will be frozen if not verified within 24 hours.
You have an unusual withdrawal request; click here to view immediately.
Real Binance notifications do not use threatening tones.
2. Requiring You to Click a Link to Log In
Phishing email links point to fake login pages:
- Displayed text:
https://binance.com/login - Actual link:
https://binance-secure.com/login(hover over the link to see the actual URL).
Binance rarely requires you to click a link to log in—important actions are usually performed within the APP.
3. Requesting Sensitive Information
- Requesting your password.
- Requesting 2FA codes.
- Requesting mnemonic phrases.
- Requesting your full ID number.
Binance never asks for this information via email.
4. Unusual Sender Domains
Real Binance senders:
- [email protected]
- [email protected]
- @post.binance.com
Common phishing domains:
- [email protected] (fake domain)
- [email protected] (fake domain)
- [email protected] (fake domain)
Always check the full sender domain to be sure.
5. Spelling and Grammar Errors
Phishing emails often have:
- Strange mix of languages.
- Clunky translations.
- Punctuation errors.
- Misspelled company names (e.g., "Binence," "Binnance").
Real Binance emails are professionally localized and nearly error-free.
Advanced Use of Anti-Phishing Code
1. Rotate Regularly
It is recommended to change your Anti-Phishing Code every 6-12 months:
- Prevents the code itself from being leaked.
- The entry for changing it is the same as for setup.
2. Different Codes for Different Accounts
If you have multiple Binance accounts (not recommended, but some do), set a different code for each.
3. Share with Spouse/Family
If family members handle Binance matters on your behalf, tell them your code so they can also identify fake emails.
4. Do Not Discuss It Publicly
Keep the code itself secret:
- Don't write it on blogs.
- Don't post it on social media.
- Don't tell colleagues/friends (unless they are family).
Limitations of the Anti-Phishing Code
The Anti-Phishing Code only protects against phishing emails; it does not protect against:
- Login Page Phishing: You visit a phishing login page and enter your password.
- In-App Phishing: A fake APP tricks you into entering your password.
- Support Phishing: A fake "support agent" contacts you.
- Malware: Keyloggers, screen captures.
It needs to be combined with other security mechanisms:
- 2FA (Dynamic codes).
- Withdrawal Whitelist (Restricting fund flow).
- Anti-Phishing Code (Identifying email authenticity).
- Operational Password (Double verification).
Failed to Set Anti-Phishing Code
Common Errors
- "String too short": Must be at least 4 characters.
- "String too long": No more than 20 characters.
- "Contains illegal characters": Only English letters and numbers are supported.
- "Requires 2FA verification": Enable 2FA before setting the Anti-Phishing Code.
Adjust according to the prompts.
Risks of Not Enabling the Anti-Phishing Code
If you do not enable the Anti-Phishing Code:
- You cannot determine the authenticity of "Binance emails."
- You are more likely to click phishing links.
- You might enter your password into a fake login page.
- The risk of account theft increases significantly.
Setting up the Anti-Phishing Code takes 1 minute and significantly reduces phishing risks—it's high value for very little effort.
Combination with Other Security Settings
Best security practices:
- 2FA (Prevents password leaks).
- Anti-Phishing Code (Prevents phishing emails).
- Withdrawal Whitelist (Prevents assets from being transferred out).
- Device Management (Monitors unusual logins).
- Double Verification (Email secondary confirmation for large transactions).
Enabling all five is the "Standard Protection" for a Binance account.
FAQ
Q: Can I change my Anti-Phishing Code? A: Yes. Just go to "Account → Security → Anti-Phishing Code" and set a new one.
Q: What if I forget my Anti-Phishing Code? A: Log in and check the settings page (it will display the current value). Or simply set a new one.
Q: Does the Anti-Phishing Code appear in SMS messages? A: No. Only official emails from Binance contain the code. SMS messages are too short to include it.
Q: Does the Anti-Phishing Code protect against APP push notifications? A: APP push notifications are sent directly from Binance servers to the APP, making them very difficult to phish. The code is primarily for emails.
Q: Do other exchanges have similar features? A: OKX, KuCoin, Bitget, and other major exchanges also have anti-phishing code features. It is recommended to set them on all exchanges you use.
Q: Does the Anti-Phishing Code affect email delivery speed? A: No. It's just a line of text in the email body and does not affect sending or receiving.
Summary
The Binance Anti-Phishing Code is the simplest and most effective tool to prevent phishing emails: You set a 4-20 character string → all official Binance emails display this string at the top → any email without it is fake. Setup takes only 1 minute and can intercept 99% of phishing emails. Combined with other security settings (2FA, Withdrawal Whitelist, Device Management), it forms a complete defense. All Binance users should enable the Anti-Phishing Code—there is no reason not to.