Phishing Emails: The Most Common Attack in Crypto

Have you ever received an email like this: "Your Binance account has been flagged for unusual activity — please click this link immediately to verify your identity" — with a link that looks almost identical to the official Binance website? If you clicked through and entered your password, congratulations: you just got phished.

Phishing emails are one of the most prevalent attack methods in the cryptocurrency space. According to industry security reports, more than 70% of crypto asset theft incidents are related to phishing attacks. Attackers forge official-looking Binance emails — from the sender address to the email layout — with such precision that ordinary users find them very difficult to identify at a glance.

The Anti-Phishing Code feature on Binance is designed to solve exactly this problem. Once set up, every official email from Binance will display your unique personal identifier. Any email claiming to be from Binance that does not contain this code is, without exception, a phishing email. Simple, blunt, and extremely effective.

What Is an Anti-Phishing Code?

An anti-phishing code is a custom string of 4–20 characters (letters and numbers) that you define yourself. Once set, it appears in a prominent location in all official Binance emails (typically at the top of the email). Because only you know this code, phishing email creators have no way of knowing or replicating it.

How it works:

  • You set your anti-phishing code to (for example) "MyCode123"
  • From that point on, all official Binance emails will begin with: "Your anti-phishing code: MyCode123"
  • If you receive a "Binance" email that does not contain this code → it is 100% a phishing email
  • If you receive an email that does contain this code → it is very likely an official email (but still check the sender address)

Setup Steps

Step 1: Access Security Settings

  1. Open the Binance app
  2. Tap your profile picture in the top-left corner to enter your Personal Center
  3. Tap "Security"
  4. Scroll down to find the "Advanced Security" section
  5. Find the "Anti-Phishing Code" option and tap it

Step 2: Create Your Anti-Phishing Code

  1. Tap "Create Anti-Phishing Code"
  2. Enter the code you want to use (4–20 characters)
  3. Recommended guidelines for your code:
    • Use a combination that is easy for you to remember but hard for others to guess
    • Do not use personal information such as your birthday or phone number
    • Mix uppercase letters, lowercase letters, and numbers
    • Examples: Tech2025Review, SafeCoin88
  4. Tap "Submit"

Step 3: Complete Security Verification

  1. The system will require a security verification
  2. Enter your Google Authenticator code and/or SMS verification code
  3. Once verified, your anti-phishing code takes effect immediately

Step 4: Confirm the Setup Was Successful

  1. After setup is complete, Binance will immediately send a confirmation email
  2. Open your email and check this message
  3. Confirm that your anti-phishing code is displayed in the email
  4. If it appears correctly, your setup was successful

How to Change Your Anti-Phishing Code

It is recommended to change your anti-phishing code every 3–6 months as a precaution:

  1. Go to "Security" > "Anti-Phishing Code"
  2. Tap "Modify"
  3. Enter your new anti-phishing code
  4. Complete the security verification
  5. The change takes effect immediately, and all subsequent emails will display the new code

A Complete Guide to Identifying Phishing Emails

The anti-phishing code is the most direct identification tool, but you should also master additional techniques:

Checklist

  1. Is the anti-phishing code correct? This is the first thing to check
  2. Sender address:
    • Official addresses end with @binance.com
    • Look for extra letters or digits (e.g., @binanace.com)
    • Watch out for tricks like substituting similar characters (replacing the letter O with the number 0, etc.)
  3. Link addresses:
    • Hover over links (do not click) to see where they actually lead
    • Official links should be https://www.binance.com/...
    • Any link using a domain other than binance.com is suspicious
  4. Email content:
    • Official emails will never ask you to enter your password through a link in the email
    • Official emails will not use threatening language to create urgency
    • Official emails are well-written; phishing emails often contain awkward phrasing or translation errors
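
Items 1 to 3 of the checklist can be applied mechanically to a saved message. The Python sketch below is an added example, not Binance's code; both sample messages are constructed, and the sender local parts and the code "MyCode123" are illustrative assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "binance.com"  # the official domain named in the checklist

# Constructed sample messages; local parts and "MyCode123" are illustrative.
PHISH = """From: Binance <support@binanace.com>
Subject: Urgent security upgrade

Re-verify within 24 hours: https://binance-secure.com/verify
"""
GENUINE = """From: Binance <do-not-reply@binance.com>
Subject: Confirmation

Your anti-phishing code: MyCode123
Open https://www.binance.com/ from your bookmark.
"""

def is_official_host(host):
    # Exact match or a true subdomain; "binance-secure.com" fails.
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)

def link_targets(body):
    """Return (scheme, host) for each http(s) URL in plain text or HTML."""
    urls = re.findall(r"https?://[^\s\"'<>)]+", body, flags=re.I)
    return [(urlsplit(u).scheme, urlsplit(u).hostname or "") for u in urls]

def check_email(raw, my_code):
    """Checklist items 1-3; returns findings, empty when nothing is flagged."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    findings = []
    if my_code not in body:
        findings.append("anti-phishing code missing")
    address = parseaddr(str(msg.get("From", "")))[1]
    sender_domain = address.rpartition("@")[2].lower()
    if sender_domain != OFFICIAL_DOMAIN:
        findings.append(f"sender domain is {sender_domain!r}")
    for scheme, host in link_targets(body):
        if scheme != "https" or not is_official_host(host):
            findings.append(f"link leads to {scheme}://{host}")
    return findings

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("GENUINE", GENUINE)):
        print(name, check_email(raw, "MyCode123") or "no red flags")
```

The From header is written by whoever sent the message, so a passing sender check does not prove origin on its own; the anti-phishing code remains the first thing to check.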

Common Phishing Email Types

Type 1: Account Anomaly Notification

"We have detected unusual login activity on your account. Please click to verify immediately..."

Type 2: Fake Promotions / Airdrops

"Congratulations! You have been selected for a special airdrop event. Click to claim..."

Type 3: Urgent Security Upgrade

"Due to a security upgrade, you need to re-verify your account within 24 hours..."

Type 4: Fake Withdrawal Confirmation

"Your withdrawal request has been submitted. If this was not you, click here to cancel..."

For all of the above, if the email does not contain your anti-phishing code, delete it immediately.

Limitations of the Anti-Phishing Code

While the anti-phishing code is very effective, it does have limitations:

  1. Email only: SMS phishing and in-app phishing are not covered by the anti-phishing code
  2. Does not prevent you from visiting phishing websites directly: If you navigate to a fake Binance website through a search engine, the anti-phishing code cannot help you
  3. Does not protect against a compromised email account: If an attacker directly hacks your email inbox, they can see your anti-phishing code

Additional Protective Measures

  1. Bookmark the official URL: Add www.binance.com to your browser bookmarks and always access the site through that bookmark
  2. Use the Binance Verify tool: The official website footer includes a "Binance Verify" tool where you can check whether an email address, phone number, or URL officially belongs to Binance
  3. Do not click links in emails: Even if an email displays the correct anti-phishing code, it is recommended to go directly to the official website through the app or your bookmark rather than clicking links
  4. Enable security notifications: This way you will receive push notifications immediately for any changes to your account

Real-World Case Studies

Case 1: A High-Quality Phishing Email

A user received an email that visually replicated the official Binance template exactly, claiming their account needed an urgent security upgrade. The link in the email pointed to binance-secure.com (a non-official domain). Because this user had set their anti-phishing code to "TechSafe99" and the email did not display this code, they immediately identified it as a phishing email and reported it.

Case 2: A Cautionary Tale

Another user had not set up an anti-phishing code. They received an email claiming a withdrawal was pending confirmation. Because, by coincidence, they had an actual pending withdrawal at the time, they clicked the link in the email and entered their password and verification code. The result: all assets in their account were transferred out. If they had set an anti-phishing code, they would have been able to identify the forged email immediately.

Best Practices for Your Anti-Phishing Code

  1. Set it up right now: If you have not set up an anti-phishing code yet, stop reading and go set it up immediately
  2. Memorize your code: Keep it in your head and make it a habit to check for it every time you receive an email from Binance
  3. Change it periodically: Update it every 3–6 months
  4. Do not tell anyone: Including people who claim to be Binance customer support
  5. Combine with other security measures: Anti-phishing code + Google Authenticator + Withdrawal Whitelist = an extremely high level of security

Summary

Setting up an anti-phishing code takes just one minute, but it could save you from losing tens of thousands, or even hundreds of thousands, of dollars in the future. It is the easiest Binance security feature to set up and the one with the most immediately visible effect, so there is no reason not to enable it. Remember: in the crypto world, security is not optional. It is mandatory.

