Fake Binance Account Suspension Appeal Scams
Criminals send urgent emails or SMS messages claiming a user's Binance account has been suspended and directing them to a phishing page to 'restore access' — capturing login credentials and 2FA codes in the process.
Part of: Fake Suspended Account Appeal Scams
Last reviewed: 8 June 2026
Receiving a notice that your crypto exchange account has been suspended feels alarming, which is exactly why scammers exploit this scenario so effectively. Fraudulent emails impersonating Binance claim that unusual activity, a failed identity verification, or a policy breach has triggered an automatic account suspension, and that the account will be permanently closed unless the user completes a verification step within 24 to 48 hours.
The message is designed to induce panic. It uses Binance's exact visual identity — logo, color palette, and email formatting — and the sender domain is spoofed or uses a lookalike address such as [email protected]. A prominent button labeled 'Restore My Account' or 'Complete Verification' links to a phishing page that captures the victim's email, password, and 2FA code.
Binance does place accounts on hold for compliance reasons, but legitimate suspension notices are always accessible inside the Binance app notification center, and users can verify account status by logging in directly at binance.com. No genuine Binance email requires you to enter your full password on a web page linked from the message.
How this scam works on the Binance brand
The phishing email arrives with a subject line such as 'Your Binance Account Has Been Restricted — Action Required' and references a fabricated case number to appear official. The body text describes a vague compliance trigger — 'suspicious login from a new device' or 'incomplete KYC verification' — and sets a tight deadline before permanent closure.
Clicking 'Restore My Account' opens a site that mirrors Binance's login page precisely. After entering email and password, the site shows a 2FA prompt. Whatever code the victim enters is relayed in real time to the actual Binance login page by the scammer operating a reverse-proxy, allowing them to fully hijack the session. The victim is then shown a success page while the attacker begins withdrawing funds or changing account details.
Real Binance account restrictions are communicated through in-app alerts and can be verified by navigating directly to binance.com — not through links in emails. Binance also offers an anti-phishing code feature (Settings > Security > Anti-Phishing Code) that inserts a user-chosen phrase into every legitimate Binance email; if that phrase is absent, the email is fake.
Common red flags
- Email sender domain is not exactly @binance.com — check for binance-security.net, notification-binance.com, and similar
- Anti-phishing code is absent from the email body (if you have set one up in your Binance security settings)
- Urgent deadline of 24 to 72 hours before 'permanent account closure'
- Login page URL in the address bar is not exactly binance.com
- 'Verification' process asks for your full password in addition to a 2FA code on an external page
- Message arrives via SMS or WhatsApp rather than the official Binance app notification center
How to protect yourself
- Set up a Binance anti-phishing code immediately (Binance app > Profile > Security > Anti-Phishing Code); any legitimate Binance email will include your chosen phrase
- Never click links in emails or SMS claiming to be from Binance — instead open a new browser tab and type binance.com manually
- Enable withdrawal address whitelisting so that even a compromised account cannot send funds to a new address without a 48-hour delay
- Use a hardware security key (FIDO2) as your second factor rather than an authenticator app, as it is phishing-resistant
- If you suspect your account has a real restriction, check in-app notifications and contact Binance support via the in-app chat at binance.com/en/chat
How to report it
- Forward the phishing email to Binance at [email protected] and include the full email headers
- Report the phishing URL to Google Safe Browsing at safebrowsing.google.com/safebrowsing/report_phish
- File a report with your national cybercrime agency (IC3.gov in the US; Action Fraud at actionfraud.police.uk in the UK)
- If your account was compromised, immediately contact Binance support through the official in-app channel to freeze withdrawals
Frequently asked questions
How can I tell if a Binance suspension email is real?
Check your anti-phishing code — genuine Binance emails include the exact phrase you set in your account security settings. Also log in directly at binance.com to see if any restrictions appear in your account dashboard. If nothing appears there, the email is fraudulent.
I entered my credentials on a fake page — what should I do immediately?
Go directly to binance.com, log in if you still can, and immediately change your password and disable then re-enable 2FA. Enable withdrawal address whitelisting. If you cannot log in, contact Binance support via the in-app chat or binance.com/en/support.
Does Binance send SMS messages about account suspensions?
Binance does send SMS for certain security alerts, but it will never include a link to a login page. Treat any SMS with a login link claiming to be Binance as phishing.