Why Must You Set Up an Anti-Phishing Code?

The Anti-Phishing Code is one of the most effortless yet effective email protection mechanisms provided by Binance — set it up once, and benefit for life. Whether veteran users enable it can directly determine whether you will get phished by an "official email" some morning. Friends who haven't set it up should log in to the Binance website to spend two minutes setting it up, and mobile users can operate via the Binance official app; iOS users who haven't installed the official APP, please check out the iOS install guide. This article clearly explains its principles, setup methods, and practical responses when encountering phishing emails.

1. How the Anti-Phishing Code Works

The Anti-Phishing Code is a custom string defined by yourself inside your Binance account, 4–20 characters in length, which can be a combination of letters, numbers, and special symbols. Once set, Binance will include this string in the subject line of all official emails sent to you.

For example, if you set your anti-phishing code to SBYT-42, all genuine Binance email subjects you receive will look like this:

• [SBYT-42] Withdrawal Confirmation Notification
• [SBYT-42] New Device Login Alert
• [SBYT-42] KYC Verification Completed

Phishing emails will never know what your anti-phishing code is, so the emails they send will not have this string in the subject line. This allows you to complete the authenticity judgment within the first 3 seconds of seeing the email, without having to open the email body or check the links.

2. Why the Anti-Phishing Code Is More Effective Than Other Defenses

Compared to other anti-phishing measures, the anti-phishing code has three unique advantages:

1. Does not require action every time: 2FA must be entered every time you log in, and passwords must be typed carefully each time; the anti-phishing code requires absolutely no action after setting it once.
2. Cannot be stolen: Even if an attacker phishes your password and 2FA, they will not know your anti-phishing code — because Binance will not display it on any page, and it only appears in email subjects.
3. Protects the email link: Passwords and 2FA solve login-level problems, whereas the anti-phishing code solves the problem of the chain from receiving the email to clicking the link, making the two complementary.

3. The Complete Steps to Set Up an Anti-Phishing Code

1. Log in to your account from the Binance website.
2. Click your avatar in the top right corner → Account.
3. Select Security from the left menu.
4. Find the row for "Anti-Phishing Code".
5. Click "Enable" or "Edit".
6. Enter a 4–20 character custom string, such as YourName-2026.
7. The system will require a 2FA verification code to confirm.
8. After setting it up successfully, immediately trigger an official email yourself (for example, make a 0.01 USDT withdrawal or a login alert).
9. Confirm that the received email's subject contains the anti-phishing code you set.

After completing this step, the anti-phishing code will take effect. Every time Binance sends an email, it will automatically be attached.

4. Three Key Points for Choosing a Good Anti-Phishing Code

1. Make it long and unique enough, not easily hit by chance

Don't use 123456 or abcdef — although the attacker doesn't know it, if it's too short and common, it might be accidentally hit by massive automated phishing emails. 8 characters or more are recommended, mixing letters and numbers.

2. Do not use real information related to you

Do not use your birthday, name pinyin, or the last 4 digits of your phone number — if this information leaks (for example, scraped from social networks by someone), an attacker might actively guess it and craft fake emails with the anti-phishing code.

3. Make it easy for yourself to remember

Unlike a password that needs to be complex, your anti-phishing code instead needs to be recognizable at a glance every time you read an email. So it should be a string that you instantly know "I set this," like mycoin-kitchen-42, SBYT-2026-spring, etc.

5. Real-World Comparison of Phishing Emails

After setting the anti-phishing code, these two types of emails will often appear before you:

Genuine Email Example (Set with SBYT-42 anti-phishing code)

Sender: Binance <[email protected]>
Subject: [SBYT-42] Withdrawal Request Notification

Hello,

We have received a withdrawal request from your Binance account:
Amount: 100 USDT
Address: 0xabcd...1234
Time: 2026-04-18 14:23 UTC
...

Judgment: The subject contains [SBYT-42], and the sender is the official domain. Genuine email.

Phishing Email Example

Sender: Binance Support <[email protected]>
Subject: Urgent: Verify Your Account Now

Dear User,

Your account has been flagged for suspicious activity.
Please click the link below to verify your identity within 24 hours
or your account will be permanently frozen.

[Verify Now]

Judgment: There is no SBYT-42 anti-phishing code in the subject, and the sender domain is binance-verify.com, not binance.com. Phishing, delete it directly.

With this layer of protection from the anti-phishing code, the first check can instantly kill 99% of phishing emails, without needing to manually inspect the sender, link URL, HTTPS certificate, and other details.

6. Other Use Cases for the Anti-Phishing Code

The anti-phishing code is used not only for email protection but also comes in handy in the following scenarios:

• SMS messages sent by Binance (limited to some regions): The SMS will also carry the anti-phishing code.
• Customer service ticket replies: The subject of Binance customer service reply emails to your tickets also carries the anti-phishing code.
• KYC review notifications: KYC approved/rejected notification emails will carry the anti-phishing code.
• API anomaly alerts: If API anomaly monitoring is enabled, related emails also carry the anti-phishing code.

In other words, this string is the unified identification mark for your communications with Binance official.

7. What If the Attacker Learns My Anti-Phishing Code?

This situation is extremely rare but not impossible — for example, if you accidentally screenshot an email with the anti-phishing code on a third-party forum, or your password manager is compromised causing the anti-phishing code in your notes to be exposed.

The response is very simple: log in to Binance and immediately change your anti-phishing code. Changing it is free and limitless, and once changed, the old code becomes invalid immediately. Don't forget to trigger an email yourself after changing it to confirm the new code is active.

8. Advanced Tactics: Anti-Phishing Code + Email Rules

If you use email providers like Gmail, Outlook, etc., that support email filtering rules, you can further enhance your protection:

Set a rule in your email filter:

• The sender contains @binance.com or @post.binance.com
• AND the subject contains your anti-phishing code

Emails matching this are automatically marked as "Safe" and pinned to the top; those that do not match are all moved to the Spam folder. This way, even if you don't pay attention to the subject when you are tired one day, the filter will screen out the fake emails for you.

Frequently Asked Questions

Q: Can I use the same anti-phishing code on other exchanges? A: Yes, many exchanges have similar features (OKX calls it Anti-Phishing Code, Kraken calls it Security Signing Key). However, it is recommended to use a different one for each exchange, so that if one is compromised, the others remain safe.

Q: I set an anti-phishing code, but I haven't received any emails with the code? A: Possible reasons: ① Your emails are being categorized as spam; check your spam folder. ② Binance hasn't been triggered to send an email; try manually making a withdrawal or modifying a setting. ③ In very rare cases, the system synchronization has a delay; wait a few hours and try again.

Q: Will the anti-phishing code appear in the email body? A: No, it only appears in the subject. This is intentional — attackers cannot "copy" your anti-phishing code from forwarded emails.

Q: Will it affect anything if my anti-phishing code is the same as someone else's? A: No. The anti-phishing code is an account-level attribute bound to your email address. If two people set the same string, their respective emails will carry their respective codes without getting mixed up.

Q: Does it cost money to set up an anti-phishing code? A: It is completely free, there are no fees whatsoever, nor are there any "VIP only" restrictions. Every user with a Binance account can set it up, and it is strongly recommended that everyone does.