Fake Binance Password Reset Phishing
Attackers send fake Binance password-reset emails to capture login credentials or 2FA codes. Genuine Binance password-reset emails always include your personal anti-phishing code and never embed a button asking you to confirm a reset you did not request.
Last reviewed: 7 June 2026
Password reset phishing is a reliable attack because it creates a scenario where the victim is expected to take action — clicking a link and entering credentials — which lowers their defensive instincts. Impersonating Binance is particularly effective because the platform does send genuine password-reset and security-alert emails, making recipients more likely to believe the fake version is real.
The attack capitalizes on the moment of uncertainty: a user receives an email saying their password was recently changed, and the natural reaction is concern and a desire to act quickly. That urgency is exactly what the attacker is engineering.
Binance's anti-phishing code system was designed specifically to help users distinguish real Binance emails from fakes. When set up, every genuine Binance email includes a personal code chosen by the user. If an email lacks this code, it did not come from Binance's systems, regardless of how authentic it looks.
How this scam works on the Binance brand
A fake password-reset email with Binance's logo warns that a password change was initiated from an unrecognized location. It provides a 'Cancel this change' button. Clicking it leads to a realistic Binance login page — at a domain like binance-security-reset[.]com — where entering credentials hands them directly to the attacker. If the victim also enters a 2FA code, the attacker uses it in real time to access the genuine account.
Another variant is a proactive reset trigger: the attacker initiates a genuine password-reset request at binance.com using the victim's email. A real Binance reset email lands in the victim's inbox. Simultaneously, the attacker sends a spoofed follow-up email saying 'if you did not request this, click here to secure your account' — and that link is the phishing page.
The real Binance password-reset email is sent from a @binance.com address, includes the user's personal anti-phishing code, and only asks the user to click a link to set a new password — never to log in with existing credentials. If you did not request a reset, Binance's email advises you to contact support, not to click a separate link.
Common red flags
- A password-reset or security-alert email that lacks your Binance anti-phishing code
- A 'Cancel this change' button in an email that leads to any domain other than binance.com
- An email asking you to log in with existing credentials to reverse a password change
- Sender address is not from @binance.com
- A second 'urgent follow-up' email arriving shortly after a genuine reset email
- The URL of the login page contains extra words like 'secure', 'reset', or 'verify' alongside 'binance'
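The sender, anti-phishing-code and link checks from the list above can be automated over a raw message. The following Python is an added example, not Binance tooling or code from this page; the function names, the sample messages, the `.example` lookalike host and the anti-phishing code `blue-heron-42` are constructed for illustration, and it assumes a single-part plain-text email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

LEGIT_DOMAIN = "binance.com"
LURE_WORDS = ("secure", "reset", "verify")  # extra words named in the list above

def host_is_binance(host):
    """True only for binance.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)

def red_flags(raw_email, anti_phishing_code):
    """Return the red flags found in a single-part plain-text message."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    flags = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not host_is_binance(sender.rpartition("@")[2]):
        flags.append("sender_not_binance")
    if anti_phishing_code not in body:
        flags.append("missing_anti_phishing_code")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        if host_is_binance(host):
            continue
        flags.append("link_off_domain:" + host)
        if "binance" in host and any(w in host for w in LURE_WORDS):
            flags.append("lookalike_host:" + host)
    return flags

# Constructed samples: addresses, URLs and the code are placeholders.
CODE = "blue-heron-42"
FAKE = (
    "From: Binance Security <alerts@binance-secure-reset.example>\n"
    "Subject: Password change initiated\n\n"
    "A password change was initiated from an unrecognized location.\n"
    "Cancel this change: https://binance-secure-reset.example/login\n"
)
GENUINE_STYLE = (
    "From: Binance <sender@binance.com>\n"
    "Subject: Reset your password\n\n"
    "Anti-phishing code: blue-heron-42\n"
    "Set a new password: https://www.binance.com/placeholder-reset-path\n"
)

if __name__ == "__main__":
    print(red_flags(FAKE, CODE))
    print(red_flags(GENUINE_STYLE, CODE))
```

A From address at binance.com can itself be spoofed, so an empty result means only that none of these flags fired.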
How to protect yourself
- Set up a Binance anti-phishing code in Security settings immediately — check every email for it
- If you receive a reset email you did not request, go directly to binance.com to change your password — do not click the email link
- Enable withdrawal address whitelisting to prevent fund movement even if credentials are compromised
- Use an authenticator app for 2FA to limit the value of a captured OTP
- Regularly check your Binance Security Log for unauthorized login attempts
How to report it
- Report phishing emails to [email protected]
- Report the phishing domain using Binance's official feedback form
- Report to IC3.gov (US) or Action Fraud (UK)
- Submit the phishing domain to Google Safe Browsing
Frequently asked questions
What is the Binance anti-phishing code and how do I set it up?
The anti-phishing code is a short text string you choose, which Binance includes in every genuine email. Set it up in Binance Account > Security > Anti-Phishing Code. Once set, any email without your code is not from Binance.
I clicked the link in the email but did not enter my password. Am I safe?
Probably, but some phishing pages can load malware on click. Run a full antivirus scan and check your Binance Security Log for any unauthorized access attempts. Change your password from a known-clean device as a precaution.
Why would an attacker send a fake 'cancel the reset' email right after a real reset email?
The attacker cannot control the real reset email, because it is a legitimate action on a real account. By quickly sending a spoofed follow-up, they exploit the victim's anxiety about the real email to redirect them to a phishing page.