How to Identify Binance Phishing SMS and Emails Instantly

2026/4/7 23 min

Every day, crypto users ask: "I just received an SMS about 'Binance account abnormality.' Is it real?" Let's start with the conclusion: 99% of Binance-related SMS/emails are fake. Binance rarely sends SMS proactively, and emails are only sent for specific scenarios like login, withdrawals, or major changes. By learning to check domains, anti-phishing codes, link redirects, and sender addresses, you can identify a fake in 3 seconds. This article breaks down common phishing formats for comparison and provides an emergency checklist. If you suspect your account has been phished, log in and check via the Binance official site. For an emergency mobile check, use the Binance official App. iPhone users who can't find the App should check the iOS installation tutorial to switch to the US region for download.

What Emails/SMS Does Binance Actually Send?

First, understand what is real.

Real Email Types

Login Confirmation: Notifications for login from new devices or IPs.
Withdrawal Confirmation: You must click a link in the email to confirm every withdrawal.
Whitelist Changes: Enabling/disabling the whitelist or adding addresses.
2FA Changes: Enabling/disabling/resetting any 2FA.
Password Reset: When you proactively request a password reset.
KYC Pass/Reject: Results of identity verification audits.
Account Abnormality Alerts: Detection of risky operations.
Terms of Service Updates: Major policy changes.
Airdrop/Activity Notifications: For events you explicitly participated in.

Real SMS Types

SMS Verification Codes: 2FA SMS codes, phone binding verification.
Login Alerts: For certain high-risk login scenarios.
Almost limited to the above two categories.

Key point: Binance almost never sends "links" via SMS. Any SMS with a link for you to click is 99% a phishing attempt.

Typical Phishing SMS Tactics

Listed from most to least frequent.

Tactic A: Fake Security Alerts

Example: "[Binance] Abnormal login detected on your account. Please click [Link] immediately to verify identity, or your account will be frozen."

How to identify:

Real Binance won't send SMS with links like this.
Numbers are often gibberish or from overseas prefixes like +886/+852.
Links use deceptive domains like binannce.com or binance-cn.top.
Uses urgent words like "immediately" or "otherwise."

Tactic B: Fake Withdrawal Notifications

Example: "A USDT withdrawal has just been initiated from your account. If this was not you, please click [Link] immediately to cancel."

How to identify:

Real Binance withdrawal confirmations are always via email, never SMS.
The link opens a fake login page.
The goal is to trick you into entering your password and 2FA.

Tactic C: Fake Airdrop Claims

Example: "Binance new coin listing! Existing users can claim 100 USDT for free. Click here to claim."

How to identify:

Binance does not offer "no-threshold" airdrops.
Links are usually short links (t.cn/xxx).
Clicking requires connecting a wallet or entering private keys.

Tactic D: Fake Customer Service

Example: "Your account is under review. Please add customer service on WeChat: xxxx for assistance."

How to identify:

Binance does not have Chinese WeChat customer service.
All support is handled via the chat on the bottom right of the official site or the [email protected] email.
Anyone asking you to add them on WeChat, QQ, or Telegram is a scammer.

6 Dimensions to Identify Phishing Emails

Email phishing is more subtle than SMS and requires verification across multiple dimensions.

Dimension 1: Full Sender Email Address

Real Sender Emails:

Common Fake Emails:

[email protected] (deceptive suffix)
support@binancé.com (includes accent marks)
[email protected] (personal email)
[email protected] (fake regional suffix)

Click on the avatar to view the full email address; don't just look at the display name.

Dimension 2: Is the Anti-Phishing Code Correct?

If you have enabled the anti-phishing code, every real email will include your custom string.

Open the email.
Check the header or footer for your 4-20 character custom string.
It's real only if the string is present and matches exactly.
If missing or incorrect, delete it immediately.

Anti-phishing codes are the fastest and most reliable way to identify fakes. If you haven't enabled it yet, check our dedicated article on anti-phishing codes.

Dimension 3: Real Link Destination

Links in emails might display "binance.com" but actually point elsewhere.

Hover your mouse over the link (don't click).
The browser (bottom left) or email client will show the real URL.
If it's not *.binance.com, delete it.
Watch out for nested subdomains like binance.cx.xyz.

On mobile, you can long-press the link to see the preview URL.

Dimension 4: Tone and Typos

Official Binance emails use formal language; English emails have proper grammar. Common issues in phishing emails:

Obvious grammatical errors.
Unnatural mixing of languages.
Strange punctuation.
Greeting "Dear User" instead of "Respected [Your Name]."
Obvious "translationese" tone.

Dimension 5: Urgency and Threats

Real emails rarely use phrases like "immediately," "or else," or "otherwise your account will be permanently banned." Phishing emails use them heavily:

"Confirm within 24 hours";
"Account about to be frozen";
"Assets will be confiscated";
"Final notice."

Creating a sense of urgency is a standard social engineering tactic.

Dimension 6: Attachments

Binance never sends Word, Excel, PDF, or ZIP attachments in emails. Delete any Binance email with an attachment immediately; opening them likely installs Trojans.

Emergency Checklist: If I've Already Clicked a Phishing Link

Follow this checklist; every item is important.

Minute 1: Assess Damage

What page did I reach after clicking?
Did I enter any information on that page?
What did I enter (Email? Password? 2FA code? Recovery phrase?)
Determine which credentials have been leaked.

Minute 3: Stop Loss

Log in to Binance via normal channels immediately (bookmarks or App).
Change your password (new password should be completely different).
Reset 2FA (unbind old ones, bind new ones).
Enable or reset your anti-phishing code.
Log out of all active device sessions.
Check the whitelist and API settings.

Minute 10: Check Assets

Check the fund flow for any abnormalities in the last 5 minutes to 1 hour.
Check all sub-accounts.
Check for any new API keys.
Check for any new withdrawal addresses.

Minute 30: Harden Security

Enable the withdrawal address whitelist (if not already enabled).
Strengthen 2FA; consider a hardware key.
Run a full antivirus scan on your computer.
If a recovery phrase was leaked, transfer assets to a new wallet immediately.

Follow-up

Collect all evidence (SMS screenshots, original emails, links).
If funds are lost, contact Binance support to appeal.
For large amounts, report it to the police.
Submit the phishing link to the Binance anti-phishing center or anti-fraud platforms.

Daily Anti-Phishing Habits

Develop these 8 habits to minimize the risk of being targeted.

Bookmark only official domains and click the bookmark every time instead of typing.
Enable anti-phishing codes to verify emails in 3 seconds.
Never click links in SMS; open the App directly to check your account.
Never chat privately with anyone claiming to be "support"; official support doesn't do this.
Don't download the App from social groups; use the official site or App Store.
Never open email attachments; Binance doesn't send them.
Use Google Authenticator for 2FA, not SMS (due to SIM swapping risk).
Regularly run antivirus scans; keep devices used for bots or trading clean.

Three Common Types of Fake Domains

Scammers register deceptive domains using three common tactics.

Type	Example	How to Identify
Similar Spelling	binannce.com, binacne.com	Extra letters or incorrect letter order
Nested Subdomains	binance.sec.xxx.com	Look at the actual top-level domain at the end
Special Characters	binancé.com, binаnce.com (Cyrillic а)	Look-alike Unicode characters

If you can't tell the difference in the browser address bar, copy it to a notepad, enlarge the font, and compare character by character.

FAQ

I received an SMS with a verification code but didn't perform any action.

If you didn't trigger it (login, password reset, etc.), someone else is trying to log in using your email. Never tell anyone the verification code. Log in immediately to change your password, reset 2FA, and check your account.

Will Binance official support contact me proactively?

No. Binance support is a passive response system; you reach out to them. They never contact you proactively. Anyone claiming to be "support" via phone, WeChat, or Telegram is a scammer.

Can anti-phishing codes prevent all phishing?

They only protect against emails. SMS, fake websites, and fake support calls require other measures (2FA, whitelists, fixed bookmarks).

Why do I receive emails for features I haven't enabled?

Possible reasons: ① General Binance user activity notifications; ② Someone else tried and was blocked from enabling it on your account; ③ It's a phishing email. Check the anti-phishing code to verify.

Can I report phishing sites to Binance?

Yes. Submit a report on the support page after logging in, attaching the fake domain and screenshots. Binance works with ICANN and cloud providers to take them down.

Is an email with an "Unsubscribe" button real?

Not necessarily. Phishing emails often include an "Unsubscribe" button to appear "legitimate." Always judge by the anti-phishing code and sender domain. Clicking Unsubscribe itself is usually not dangerous (won't install Trojans), but it might confirm your email is active, leading to more spam.

Summary

The core method of identifying phishing is simple: Any message asking you to click a link, add support, or enter a password is fake by default unless verified by an anti-phishing code. SMS are almost 100% fake. Emails can be filtered 99% of the time by checking the anti-phishing code, sender, and links. Remember: Binance doesn't call proactively, doesn't use WeChat, doesn't send APKs, and doesn't send attachments in emails. When in doubt, stop for 30 seconds and check your Binance App for actual account abnormalities. Enable your anti-phishing code now—it's the cheapest and most effective line of defense.