Main
In smishing, substitution tactics are used to deceive victims. Scammers make them believe that the messages are legitimate.
Personalized and easily recognizable anti-phishing codes provide an additional level of security, helping to verify the authenticity of messages.
Be proactive: enable the latest security features, stay alert to new threats, and report suspicious messages to protect yourself and others.
Note: The anti-phishing code feature in SMS is being rolled out gradually and may not be available in your region.
Phishing fraud has entered a new phase and now includes fake SMS messages. This tactic is called smishing — a term formed from the combination of the words 'phishing' and 'SMS'. Scammers impersonate legitimate senders and use a special method to display SMS, allowing them to insert malicious messages into existing conversations. Such fraud appears more credible. Malicious actors deceive users into revealing confidential information, clicking on phishing links, or making transfers that lead to the loss of assets.
To combat this, Binance adds the anti-phishing code in SMS, adding an extra layer of security for users. By including a unique anti-phishing code in SMS from Binance, we significantly complicate scammers' ability to deceive you. Read on to learn what smishing is and how to correctly use the anti-phishing code.
What is this threat
Smishing complicates the identification of fraudulent messages, increasing the risk of deception and loss of funds. Here’s what such a scam might look like:
Disguise. The victim receives an SMS about suspicious account activity, allegedly from a trusted provider, such as Binance. Since SMS systems group messages from what they believe to be the same sender, the fake notification blends in with legitimate messages, creating an illusion of authenticity. In the message, the scammer urges the victim to call a number to protect their account.
Trap. Once the victim calls, the scammers ask them to transfer funds to an allegedly safe wallet — one that is controlled by the scammers. They send the seed phrase via email, through another SMS, on a fake website, or even during the call. Confident in the safety of their funds, the victim transfers the funds, and then the scammers immediately withdraw the assets, leading to their loss.
To delve deeper into this threat, check out the article on Web3 wallet security: beware of fake wallet apps and smishing.
Don't get caught in the trap: the anti-phishing code will protect you
To enhance security and combat SMS fraud, we have added support for the anti-phishing code in SMS. Previously, these unique identifiers were available for emails. Users set them up to verify the authenticity of messages from Binance. Now, when you receive an SMS from us, it will contain your personalized code — known only to you — allowing you to verify whether the message is legitimate.
Set up the code
Go to the advanced security section on the Security page in your account settings and click Enable to set up the anti-phishing code.
To set up the code, create a unique combination of 6-8 characters using a mix of uppercase and lowercase letters, numbers, and underscores. Choose a code that is easy for you to recognize but hard for others to guess.
Once set up, all legitimate SMS and emails from Binance will contain your personalized anti-phishing code. Always check this code when receiving messages — if it’s missing or incorrect, it could be scammers. Stay vigilant and check the code before taking any action.
If you receive a message, check if the code matches the one you set. If so, the message is legitimate. If not — it’s likely a scam. In the screenshot above, legitimate SMS with the correct code are marked in green, while fraudulent ones without it are marked in red. You can also check emails — always confirm their legitimacy, look at the code before taking any action.
How to protect yourself
Anti-phishing codes can significantly enhance security, but the best defense is to be vigilant and develop good habits. Here’s how you can further protect your assets:
Be skeptical
Unexpected messages urging you to take immediate action or requesting personal information should always raise suspicion. Scammers rely on urgency to make victims make mistakes. So stop, check everything, and think before acting.
Verify before trusting
Always check URLs and social media accounts using our Binance Verify tool or contact our support team on the official platform for clarification. A quick check can save you from falling into the scammers' trap.
Do not click on links in SMS
Even if the message looks legitimate, never click on any links in SMS. Instead, manually enter the URL of the official website in your browser to ensure you are accessing the correct platform.
Report suspicious messages
Help us fight fraud — report suspicious messages to Binance support and your mobile operator. Your complaint can help others avoid becoming victims of scams.
Be vigilant and check every interaction, and you will be able to outsmart scammers and keep your assets safe.
Stay vigilant and informed
Smishing tactics are constantly evolving, so it is crucial to stay ahead of scammers. Stay informed about the latest fraud methods and best security recommendations on Binance Academy. To learn more about common types of fraud, check out the series of articles on security. These resources will help you recognize and avoid smishing attempts so you are always one step ahead of potential threats.
Conclusion
Safety largely depends on you. Scammers prey on unsuspecting users, constantly refining their tactics to bypass safeguards. Stay up-to-date with current information, be cautious, and use all security features, such as anti-phishing codes. The more layers of protection you set up, the harder it will be for scammers to deceive you.
Additional materials
What is the anti-phishing code and how to set it up on Binance
Identification of SMS spoofing attacks
How to protect cryptocurrency from SMS spoofing attacks