The Anti-Phishing Code is one of Binance's most effective features against fake emails — once set, every genuine email from Binance will include a string of custom text you define in its subject or body. Emails missing this string are phishing attempts. This article clearly explains how to set it up and use it. The setup portal is in the "Security Center". You can log in to the Binance official website to configure it immediately. Mobile users can also use the Binance official APP for setup. Apple users please refer to the iOS Installation Guide.
What is an Anti-Phishing Code
An Anti-Phishing Code is a 4-20 character string you set yourself, such as MyBNB2026 or JohnDoe168.
The effect after setting:
- Every email sent by Binance (login notification, withdrawal alert, KYC notification, etc.) will display this string prominently in the email subject or body.
- Attackers don't know your anti-phishing code, so the fake emails they send won't include it.
- You only need a quick glance to determine if the email is genuine.
This is an extremely simple but extremely effective anti-phishing solution, and all Binance users should enable it.
Why Do You Need an Anti-Phishing Code
How Rampant Phishing Emails Are
Phishing emails received by Binance users daily come from various spoofed domains:
binance-support.combinance.official-mail.combiiance.combimance.combinance.verify-xx.com
These emails look incredibly realistic — the logos, color schemes, fonts, and tone are exactly the same as genuine emails, even down to the disclaimer at the bottom. Ordinary users simply cannot spot the flaws.
The Core Advantage of the Anti-Phishing Code
The Anti-Phishing Code does not rely on you identifying the authenticity. You only need to check one thing: "Is this string of text there?"
- Yes → Genuine email
- No → Phishing email, delete immediately
This is "explicit verification", which is far more reliable than "spot the difference" judgment.
Steps to Set Up the Anti-Phishing Code
Step 1: Enter the Security Center
- Log in to binance.com.
- Click the avatar in the upper right corner → "Security".
- Scroll down and find "Anti-Phishing Code".
Step 2: Click "Create"
- Click "Create" or "Enable".
- The system will ask you to complete a security verification:
- Enter email verification code.
- Enter Google Authenticator 6-digit code.
- After passing verification, enter the setup page.
Step 3: Enter the Anti-Phishing Code
Setup Principles:
- 4-20 characters.
- Can contain letters and numbers (some regions allow special characters).
- Do not use common words (like
password,123456,binance). - Do not use your name, birthday, or phone number.
- Do not use the same password as other websites.
- Easy for you to remember, but impossible for others to guess.
Recommended Anti-Phishing Code Examples:
Moon8848(Random combination of letters + numbers)JD_Safe_2026(A combination with a personal touch)BtcHODL777(An industry-characteristic string)GogoBinance42(Easy to remember, hard to guess)
Not Recommended:
12345678(Too simple)john123(Related to username)password(Generic word)
Step 4: Confirm and Save
- Enter the Anti-Phishing Code.
- Enter again to confirm.
- Click "Submit".
- The system prompts "Anti-Phishing Code successfully set".
From this moment on, all emails Binance sends you will carry this string of text.
How to Find the Anti-Phishing Code in Emails
Location 1: Email Subject Line
Genuine emails will have the Anti-Phishing Code in the subject, for example:
[Binance][MyBNB2026] New Device Login Alert
[Binance][MyBNB2026] Withdrawal Request Confirmation
Location 2: Beginning of the Email Body
The first paragraph of the email body will have a prompt like this:
Your Anti-Phishing Code: MyBNB2026
If you see this code, this email is from official Binance.
If you do not see it, please do not click any links in the email.
Location 3: Above the Signature
Some emails will place the Anti-Phishing Code above the signature block, alongside disclaimers like "This email is automatically sent by the system".
Regardless of the location, as long as you can find the string of text you set, it is a genuine email.
Anti-Phishing Code Verification in Practice
Scenario 1: Receiving a "Withdrawal Confirmation" Email
- Check the subject and body.
- Look for your Anti-Phishing Code.
- Found it → This is indeed sent by Binance, operate as instructed.
- Didn't find it → Delete immediately, do not click any links.
Scenario 2: Receiving an "Account Anomaly" Email
- Be wary of urgent language ("Your account will be frozen in 2 hours").
- Check the Anti-Phishing Code.
- Not there → Phishing email, do not click links.
- There → Log in to the Binance official website to check (never click links in the email).
Scenario 3: Receiving an Email Requesting "Re-verify Identity"
- Binance never asks you to redo KYC via email.
- Even if it has the Anti-Phishing Code, be vigilant.
- Log in to the binance.com official website to check if it's really necessary.
Limitations of the Anti-Phishing Code
Limitation 1: Does Not Protect the Login Interface
The Anti-Phishing Code only protects emails. Phishing websites and phishing apps will not display your Anti-Phishing Code. So after setting up the Anti-Phishing Code, you still need to:
- Enter URLs manually (do not click links sent by others).
- Check if the domain is correct.
- Check the SSL certificate.
Limitation 2: Screenshot Phishing
A very few advanced phishing attacks will first send a genuine email, screenshot the Anti-Phishing Code, and then forge an email with the screenshot pasted in. This attack is very rare, but you still must be vigilant of unusual email formats.
Limitation 3: Cannot Prevent Your Own Leakage
Never send your Anti-Phishing Code to anyone (including someone claiming to be "Binance Customer Service"). Real Binance Customer Service will never ask for your Anti-Phishing Code.
Complementing Other Security Measures
The Anti-Phishing Code is one link in the entire security system and needs to be used in conjunction with other measures:
- Google Authenticator 2FA (The second barrier during login)
- Withdrawal Whitelist (Limit addresses that can be withdrawn to)
- Device Management (Promptly kick out unfamiliar devices)
- Anti-Phishing Code (Email authenticity verification)
- API Key Management (Keep only the ones in use)
Layering these five protections makes the probability of account theft extremely low.
How to Modify or Delete the Anti-Phishing Code
Modify
- "Security Center" → "Anti-Phishing Code"
- Click "Edit"
- Complete security verification
- Enter the new Anti-Phishing Code
- Submit
Delete
Not recommended to delete. The Anti-Phishing Code is a free security enhancement. After deletion, your ability to identify phishing emails will drop significantly. If you really must delete it, the entrance is the "Disable" button on the same page.
Frequently Asked Questions
Q: Will the Anti-Phishing Code show up on the login page?
A: No. The Anti-Phishing Code only appears in emails. The login page will not display it, and phishing sites will not display it. Do not assume a site is fake just because the login page lacks the Anti-Phishing Code.
Q: What if I forget my Anti-Phishing Code?
A: Log in → Security Center → Anti-Phishing Code → View. You can also directly modify it to a new one, without needing to remember the old one.
Q: Does the Anti-Phishing Code apply to all emails?
A: It applies to emails automatically sent by the Binance system. Marketing emails or campaign pushes might not carry the Anti-Phishing Code — in this case, remain vigilant, and prioritize trusting emails with the code.
Q: If I log in from multiple devices, will the Anti-Phishing Code be different?
A: It is the same. The Anti-Phishing Code is bound to the account, not the device. Regardless of which device you log in from, the emails you receive will carry the same Anti-Phishing Code.