Today’s Catch: Anti-Phishing Codes and How to Protect Yourself

Main Takeaways

• Phishing is a cyber-attack where scammers attempt to “fish” for confidential information like credit card details.

• Victims will typically receive a fake email instructing them to click a harmful link, download malware, or give away personal details.

• Binance users can set up an Anti-Phishing Code to help them cross-check real or fake Binance emails.

Before Web3, phishing attacks primarily targeted bank accounts and credit cards. Today, your crypto wallet might be in the crosshair. 

No matter how safe you think your money is, whether it’s in a vault, the blockchain, or your hardware wallet, the human brain is always vulnerable to manipulation. For example, a scammer can easily exploit a human’s trust, but they most likely won't know how to hack a state-of-the-art security system. 

Unlike programs, humans have emotions like fear, greed, and curiosity, among many others; as a result, phishing is – and will continue to be – a preferred method for scammers. 

According to the Financial Cyber Survey conducted by Deloitte in 2021, phishing/malware, also known as social engineering, is considered the most significant cyber threat among businesses in the financial service sector. 

This guide will cover everything you need to know about phishing attacks, real-life examples of phishing, and how you can protect your account with Binance’s Anti-Phishing Code.

What is Phishing?

Phishing is a popular cyber-attack where scammers “fish” for personal information — such as credit card details — by posing as a reputable business or entity. Moreover, phishing falls under social engineering attacks, a blanket term for any malicious activity that relies on human interaction. Simply put, social engineering is hacking humans, not programs.

The most common form of phishing is via email. For example, you might receive an email from someone you “trust,” enticing you to click a link, download harmful malware, or give away your personal information. 

Verizon’s 2022 Data Breach Investigations Report found that 96% of phishing attacks occur through email. 

The Usual Suspects: Phishing Emails

Email phishing applies a combination of techniques to forge the sender's address. These emails range from the obvious scam to clever replicas that even veteran crypto users have fallen victim to. After all, phishing attacks continue to exist because they work. Below, you can explore our breakdown of five real examples of phishing emails. 

Example 1

An attacker created this email to steal a customer’s email, password, and 2FA backup key. The email was sent from <do-not-reply19@www--binance.com>, which uses a lookalike domain. However, don’t be fooled by the binance.com — scammers will use every trick in the book to disguise their email addresses.

Example 2

This email attempted to convince users to download a seemingly innocent PDF file, which turned out to be harmful malware. Unlike the previous example, the formatting and language used are significantly more unprofessional.

Example 3

This phishing email instructed users to check if they received 0.129 BTC by clicking a Binance link. Users should never click a link if it looks odd, unfamiliar, or suspicious. You can also double-check any Binance domain on Binance Verify. That being said, If you are ever suspicious of an email and its content, you can always contact Binance Customer Support.

Example 4

This example instructed users to join a competition called “ETH Giveaway,” using a large green button at the bottom that reads “PARTICIPATE.”  Like our first example, you’ll notice the sender is using a fake Binance email address. 

Example 5

The sender of this email was posing as a Binance “Listing Director” and requested the user message their Telegram. Once the target reached out on Telegram, the attacker would ask for a certain amount of cryptocurrency sent to their wallet address. While the email domain says Binance.com, we did not send this email. In fact, Binance staff will never ask users for confidential information. 

Don’t Get Caught, Set Up Your Anti-Phishing Code

Once set up, the Anti-Phishing Code is a unique set of letters and numbers that will appear in every legitimate email you receive from Binance. If the email shows an incorrect code or doesn’t have a code, immediately contact Binance Customer Support. This email might be an attempt to steal your personal information. On the other hand, you’ll be able to identify genuine Binance emails if it has your Anti-Phishing Code.

The Anti-Phishing Code is highly sensitive personal information; under no circumstances should you share it with anyone, including Binance staff members. 

Below is what a Binance email looks like with and without the Anti-Phishing Code.

How to Set Up Your Anti-Phishing Code

Setting up your Anti-Phishing Code is simple and only takes a few minutes. Follow our steps below to get started:

1. First, log in to your Binance account on your computer.

2. Visit your account dashboard. You’ll find the Anti-Phishing Code setting under the security tab. 

3. To get started, click [Enable].

4. Create your own Anti-Phishing Code using a series of letters and numbers

The code must be a minimum of 8 characters, with both uppercase letters and numbers. We advise users to create a code that is easy to remember and hard for attackers to guess. 

1. Depending on which two-factor authentication (2FA) you have enabled, enter your Google or SMS authentication code.

2. The setup for your Anti-Phishing code is now complete. From now on, all emails sent by Binance will include your unique code. 

How to Update Your Anti-Phishing Code

Like passwords, it’s best to update your Anti-Phishing Code regularly — at least once per month.  Sometimes, an attacker might already have your Anti-Phishing Code and may be waiting for the right moment to strike. By changing your code often, you’ll prevent the likelihood of a potential leak or a successful phishing attack. If you suspect that your anti-phishing code is compromised, make sure to update it as soon as possible.

To update your code, visit the Anti-Phishing Code section on your account dashboard. Then, click [Change code] and follow the same process as when you created your previous Anti-Phishing Code. Remember to make a new code that’s not too similar to your old version.

For more information on phishing and how to protect yourself, check out our helpful links below:

• (FAQ) Examples of Phishing Emails

• (FAQ) How to Identify Email Phishing?

• (FAQ) How to Prevent Phishing Attacks?

• (FAQ) How to Identify URL Spoof Phishing?

Stay up-to-date with our ecosystem on the Binance blog.

The article has been edited on June 22, 2022.