Phishing is a type of social engineering attack where scammers attempt to obtain information, such as usernames, passwords, two-factor authentication (2FA) codes, etc., by disguising themselves as a person or entity you trust. Some common examples include:
The most important and weakest aspect of a security system is people. Tricking you into giving away your money is significantly easier than trying to hack into your Binance account.
Spoofed messages often contain subtle mistakes such as:
In addition, attackers may try to push you into action by creating a sense of urgency. For example, an email might threaten that your account will expire, along with its funds, unless you move all assets to a “secure wallet.” This is a scam and the “secure wallet” belongs to the attacker.
There are various (non-exhaustive) precautions you can take to protect yourself from phishing attacks.
1. Ensure your web browser is updated to the latest version. Google Chrome or Mozilla Firefox will warn users of phishing or unsafe high-risk websites.
2. Use Binance Verify to cross-check any Binance domains, usernames, and employee names that you encounter. Only use trusted domains. Don’t click or download suspicious links if something seems off.
However, please still keep in mind that it’s common for scammers to send emails with a forged sender address. In such cases, even if Binance Verify confirms an email as a “Verified Source,” there’s still a chance that the email contains malicious content (including phishing links).
If you’re unsure, you can download the email as an EML file and send it to Binance Support, who can review the file for malicious content.
3. Enable two-factor authentication (2FA), such as email, SMS, biometrics, or Binance Authenticator. In the event your username and password are stolen, 2FA acts as an extra layer of protection against a hacker trying to use your compromised credentials.
4. Enable your anti-phishing code. It’s a unique combination of numbers and letters that will appear on every genuine email from Binance. Once enabled, steer clear of emails that don’t have your anti-phishing code.
5. Consider installing Chrome Netcraft Extension or Firefox Netcraft Anti-Phishing Extension.
If you’re unsure of an email, SMS, or website’s legitimacy, contact Binance Support with screenshots and the EML file. The Binance security team will help verify authenticity.
EML files provide additional information that can help the Binance security team verify an email’s authenticity. To download the EML file, click on the three dots on your email client (Gmail, Outlook, Proton, etc.) and select [Download message]. If you’re using QQmail or 163 Mail, click [Details], followed by [Export].
Right-click on the EML file you downloaded and click [Open With] - [Other]. Select [TextEdit] if you’re using macOS or [Notepad(++)] if you’re using Windows.
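The same EML file can also be triaged with a short script before you send it to support. The following is an added example, not Binance's own tooling: it reads the headers that expose a forged sender address and checks whether your anti-phishing code is present. The sample message, the domains, the code value A1b2C3 and the function names are constructed for illustration, and it assumes the anti-phishing code appears as plain text in the message body.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message (not a real email); all domains are placeholders.
SAMPLE_EML = """\
Return-Path: <bounce@mailer.attacker.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=mailer.attacker.example;
 dkim=none; dmarc=fail header.from=exchange.example
From: "Exchange Support" <support@exchange.example>
To: user@recipient.example
Subject: Urgent: move your assets to a secure wallet
Content-Type: text/plain; charset="utf-8"

Your account will expire. Move all assets within 24 hours.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()

def triage_eml(raw, anti_phishing_code):
    """Return a list of warning strings for the raw text of an EML file."""
    msg = message_from_string(raw, policy=policy.default)
    warnings = []
    from_dom = domain_of(msg["From"])
    return_dom = domain_of(msg["Return-Path"])
    # The visible From address is easy to forge; the envelope sender often differs.
    if return_dom and return_dom != from_dom and not return_dom.endswith("." + from_dom):
        warnings.append(f"Return-Path domain {return_dom} differs from From domain {from_dom}")
    # Only trust Authentication-Results added by your own mail provider.
    auth = " ".join(str(v) for v in msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth, re.I)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            warnings.append(f"{mech} result is {result}")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    if anti_phishing_code not in text:
        warnings.append("anti-phishing code not found in message body")
    return warnings

if __name__ == "__main__":
    for w in triage_eml(SAMPLE_EML, "A1b2C3"):
        print("WARNING:", w)
```

An empty result does not prove the email is safe, since a message can pass these checks and still carry a phishing link.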