Let's get straight to the point: the Binance Anti-Phishing Code is a customized 4 to 20-character string you create. Once set, every official email from Binance will automatically include this code, allowing you to instantly determine if an email is genuine or a scam. The setup process takes less than a minute. If you need to log in to set it up, go to the official Binance website. App users can download the official Binance App for Android, and Apple users can refer to the iOS installation guide to download it via a regional Apple ID.

Many users receive daily emails from "Binance" about promotions, withdrawal confirmations, and security warnings, but have no way to verify which ones are real and which are phishing attempts. The Anti-Phishing Code solves this problem entirely: you establish a secret phrase known only to you and Binance's servers. All official emails will contain this secret phrase, and any email lacking it is guaranteed to be a fake.

How the Anti-Phishing Code Works

Every time Binance's system sends you an email, it automatically injects your customized Anti-Phishing Code into the body of the message (usually in the header or footer). Scammers sending phishing emails cannot possibly know your private phrase, so phishing emails will never contain the correct Anti-Phishing Code.

This mechanism has two core benefits:

  • Completely Free: It is an official Binance feature that costs nothing to enable.
  • Zero Friction: Once enabled, it does not impact your user experience in any way—it merely adds an extra line of text to your emails.

Despite this, adoption remains shockingly low—only about 23% of Binance users globally have enabled the Anti-Phishing Code. This means the majority of users navigate a sea of phishing emails daily without any built-in detection tools.

Step-by-Step Setup Guide

Step 1: Access the Security Center

After logging into your Binance account:

  • Web Version: Click your Profile Icon in the top right → Account → Security.
  • App Version: Tap "Account" at the bottom → Profile Icon at the top → Security.

Scroll down until you find the "Anti-Phishing Code" section and click "Enable."

Step 2: Create Your Code

Binance requires your Anti-Phishing Code to meet these criteria:

  • Between 4 and 20 characters in length.
  • Can include letters and numbers.
  • It is case-sensitive.
  • Cannot contain spaces only.

Follow these two rules of thumb when creating it:

Principle Good Example Bad Example
Easy to remember MyDog2025 x9k!$Q3z
Not too personal BiAnFox007 JaneDoe1990
Mix numbers/letters Crypto2026 hello
NEVER use your password (Set independently) (Same as login password)

Absolutely do not set your Anti-Phishing Code to match your login password. This code will appear in every email; if it matches your password, you are exposing your credentials in plain text.

Step 3: Confirm with 2FA

Once you submit your code, Binance will ask you to verify the change with:

  • Email verification code.
  • 6-digit Google Authenticator code.
  • SMS code (if bound).

After verifying correctly, the Anti-Phishing Code takes effect immediately.

Step 4: Test If It Works

After setting it up, go to your Binance "Wallet" page and initiate a dummy withdrawal (you don't need to actually submit it; just go as far as receiving the email OTP). Open the email you receive, and you will see a line in the body stating "Anti-Phishing Code: XXXX", where XXXX is the exact phrase you just created.

If you see this line, the setup was successful. Every future email will now carry it.

How to Identify Phishing Emails Using the Code

When you receive any email claiming to be from "Binance," regardless of how urgent it seems, look for your Anti-Phishing Code first:

Email Characteristic Conclusion Action to Take
Code is correct Genuine Email Proceed normally
Code is missing Phishing Email Mark as spam; DO NOT click links
Code is incorrect Phishing Email Mark as spam; DO NOT click links
Sender looks like Binance, but code is weird Sophisticated Spoofing Forward to report@binance.com

Scammers can easily forge sender addresses and display names, but they cannot forge the Anti-Phishing Code because they don't know what you set it to.

Common Phishing Email Scams

Before enabling the Anti-Phishing Code, you might encounter emails like these:

  • "Abnormal activity detected on your account, click here to verify immediately": Tricks you into entering your password on a fake site.
  • "You won 0.5 BTC in a recent event": Tricks you into clicking a link and connecting your wallet.
  • "Binance is delisting a coin, withdraw immediately": Creates a false sense of urgency.
  • "2FA system upgrade, please re-bind your account": Tricks you into surrendering your Authenticator key.
  • "VIP Upgrade Invitation, please provide KYC": Tricks you into uploading your ID to a fake portal.

These emails will absolutely not contain your Anti-Phishing Code. Once the feature is enabled, you can spot these scams at a glance.

Tips for Using the Anti-Phishing Code Effectively

Where to look for the code:

Binance typically places the Anti-Phishing Code at the very top or bottom of the email template, appearing like this:

Anti-Phishing Code: BiAnFox2026

Depending on your language settings, the label might translate differently (e.g., "反钓鱼码"), but the characters themselves must perfectly match your chosen phrase (case-sensitive).

When should you change it?

It is recommended to change your Anti-Phishing Code every 6 to 12 months. Also, if you ever take a screenshot of an email body (accidentally revealing the code) and post it to a forum or group chat, change the code immediately.

The Ultimate Security Trio: Anti-Phishing Code + 2FA + Withdrawal Whitelist

Combining these three features blocks 99% of all attacks:

  • Anti-Phishing Code: Filters out fake emails.
  • 2FA: Prevents unauthorized logins.
  • Whitelist: Prevents malicious withdrawals from a compromised account.

They are all indispensable.

Official Binance Email Domains

Besides checking the Anti-Phishing Code, you can also verify the sender's email address. Official Binance emails only come from these domains:

  • @binance.com
  • @mail.binance.com
  • @post.binance.com
  • @ses.binance.com

Any other suffix (e.g., @binance-vip.com, @binances.com, @binance-support.org) is a fake.

Frequently Asked Questions (FAQ)

Q: Will the Anti-Phishing Code show up in App push notifications?

No. The Anti-Phishing Code only appears in emails. In-app pushes and SMS notifications do not include it. If an "App Push" directs you to a non-Binance link, it's a scam—and the Anti-Phishing Code can't help there. It is designed specifically to thwart email phishing.

Q: What if I forget my Anti-Phishing Code?

You can view your current setup by navigating to "Security → Anti-Phishing Code," or simply initiate a dummy withdrawal to generate a confirmation email, which will display the code in the text.

Q: Can I disable the Anti-Phishing Code?

Yes, but it is highly discouraged. To disable: Security → Anti-Phishing Code → Disable. You will need to verify via 2FA and email code. Disabling it means future emails will lack the verification mark, making it difficult to spot phishing attempts.

Q: Can Binance employees see my Anti-Phishing Code?

The Binance system automatically injects the code into email templates using a placeholder; no human reviews it. While database administrators could technically query it, daily operational staff cannot see it.

Q: What's the difference between the Anti-Phishing Code and a dynamic verification code?

They are completely different. The Anti-Phishing Code is a long-term, static string that appears identically in every email. A dynamic verification code (OTP) generates a new 6-digit number every time you attempt an action and expires in 30 seconds.

Q: Can I set up the Anti-Phishing Code on the mobile App?

Yes. The Binance App supports it via "Account → Security → Anti-Phishing Code." Once set on mobile, it applies across all platforms (web and mobile alike), so you don't need to set it up twice.

Q: If I enable the Anti-Phishing Code, am I completely safe from phishing?

No. The Anti-Phishing Code only protects against phishing emails. You are still vulnerable to phishing websites, SMS scams, fake customer support on WeChat or Telegram, etc. You must maintain the following habits:

  • Bookmark official URLs; never click search engine results for Binance.
  • Never connect your wallet or sign transactions on unfamiliar websites.
  • Anyone asking you to export or hand over your Authenticator private key is a scammer.

Summary

The Binance Anti-Phishing Code takes just 1 minute to set up, costs nothing, and is an incredibly effective defense against phishing. Once configured, every official Binance email will carry your secret string, instantly exposing any fake emails. Combined with 2FA and the withdrawal whitelist, it forms the standard security trio for any Binance account. If you haven't enabled it yet, go do it right now.