Millions of Binance phishing emails are sent out every day. This article teaches you how to spot them in one second. Download access: Binance website, mobile Binance official app, if you don't have the App on iOS, see the iOS installation guide.
I. 4 Recognition Features
| Feature | Real Email | Fake Email |
|---|---|---|
| Sender domain | @binance.com / @post.binance.com | Similar but misspelled |
| Anti-phishing code | Your code is in the subject | None / wrong code |
| Link | Hover shows binance.com | Unknown domain |
| Tone | Objective, not rushed | Urgent, "immediately", "right now" |
II. Sender Identification
Binance official sender domains:
- @post.binance.com
- @binance.com
- @ses.binance.com (some system emails)
Phishing disguises:
- @binance-team.com
- @binance.cn
- @binance-support.top
- @postbinance.com (missing a dot)
Hover over the sender with your mouse to see the full email address. On mobile, long-press the sender.
III. Anti-Phishing Code
If you have enabled the anti-phishing code on your Binance account (strongly recommended), this string of characters will be in the subject of all genuine emails.
For example, if the anti-phishing code is SBYT-42, a genuine email subject:
[SBYT-42] Login Notification
Phishers do not know your anti-phishing code, their email subject:
Login Notification (no code)
Or
[SBYT-42!] Login Notification (wrong code, tricking you into thinking it's real)
Compare carefully.
IV. Link Hover
Always hover to see the real address of links in any email, do not click immediately:
- Desktop: hover the mouse, the bottom left corner of the browser shows the real URL
- Mobile: long-press the link to pop up a preview
The landing page for genuine email links is binance.com. Do not click on any other domains.
V. Urgent and Pressing Tone
Genuine customer service will not rush you:
There is abnormal activity on your account. Please click the link below to verify within 24 hours, otherwise your account will be frozen.
This kind of script is 100% phishing. Real Binance customer service:
We detected a login from an unfamiliar location. If this was you, please ignore it; if not, please go to device management to audit.
Calm, objective, and non-threatening.
VI. Common Phishing Scripts
1. "Account hacked, please verify immediately"
Intimidating you into clicking the link and entering your password.
2. "You have 100 USDT waiting to be claimed"
Tempting you to click the "Claim" button, jumping to a phishing site.
3. "Need to re-do KYC"
Tricking you into uploading your ID card again (used to register other accounts).
4. "Your API has expired"
Inducing you to log in to "regenerate API", actually collecting your API keys.
5. "Withdrawal request submitted, click to confirm"
Making you think someone is stealing your funds, urging you to click the "Cancel" button, jumping to a phishing site.
VII. What to do if you receive a suspicious email
- Do not click any links
- Do not download attachments
- Take a screenshot to keep
- Forward it to [email protected] to report
- Log in directly to binance.com (using a bookmark) to check the actual status of your account
VIII. Long-Term Defense
1. Anti-phishing code must be enabled
The cheapest and most effective defense.
2. Do not display remote images in Gmail
Some phishing emails use images for "read tracking". Turn off "Ask before displaying external images" (or turn off automatic loading) in Gmail settings.
3. Do not rely on emails for critical operations
Important Binance operations should go through the APP / desktop client, not be completed through email links.
4. Teach family members to recognize
Family members can also be phished by the same emails. All family members should know this set of identification methods.
FAQ
Q1: Can phishing emails be blocked? Email spam filters will gradually learn, but new variants will appear. The ability to recognize is more important than blocking.
Q2: Genuine emails got filtered as spam? Check the spam folder and whitelist binance.com.
Q3: Can I open attachments to take a look? Absolutely not. Email attachments may contain malicious macros / exploits. Do not open any email attachments.
Q4: How to report phishing? Forward the entire email to [email protected], Binance will follow up and blacklist them.