To ensure you have opened the real Binance, the simplest method is to reopen the Binance Official Website from your saved bookmarks and compare the address bar. If you need to download the client, Android users should grab the official Binance App APK directly. For iPhone users, follow the instructions on our Binance App Download page to bypass App Store restrictions. Below are three essential steps for identifying the official site.
Step 1: Examine the Address Bar Spelling
Phishing sites are becoming increasingly sophisticated, even copying copyright notices and license details at the bottom of the page. However, the domain name is the one thing they cannot replicate. Move your cursor to the address bar and read the letters slowly:
b-i-n-a-n-c-e (dot) c-o-m
If there is an extra letter, a missing letter, a hyphen, or an incorrect extension, the site is a fake.
Step 2: Check the HTTPS Certificate
Click the padlock icon to the left of the address bar to view "Connection security" information. Click on "Certificate is valid" or "Details" and look for these fields:
| Field | Official Site Requirement |
|---|---|
| Issued to | binance.com or *.binance.com |
| Issued by | DigiCert / GlobalSign / Let's Encrypt |
| Validity | Usually 90 days to 1 year |
If the "Issued to" field shows a different website name or an unintelligible string of characters, close the page immediately.
Step 3: Use an Anti-Phishing Code
An Anti-Phishing Code is an "identity secret" provided by Binance. You set a custom 8-character string (e.g., MyBnB88) in your security settings. From then on, all official emails and login alerts from Binance will include this string. A phishing site cannot possibly know this code, so if it's missing from an email claiming to be from Binance, it's a fake.
To set it up: Log in and go to "Account → Security → Anti-Phishing Code → Enable." Enter an 8-character code you can remember and save it.
Common Phishing Tactics
Beginners should be alert for more than just domain names. Scammers often:
- Replicate the exact UI of the Binance registration page.
- Pose as "customer support" on Telegram and send malicious links.
- Buy top ad slots in search engines labeled "Binance Official Website."
- Post "reward links" in forums, Twitter comments, or subreddits.
- Send mass emails claiming your account will be frozen to lure you into clicking a phishing link.
As long as you stick to the habit of "only accessing Binance through your own bookmarks," all of these tactics will fail.
An Extra Safety Check After Entering
Once you are sure you are on the real site, do one more thing before logging in: Confirm the presence of all official features on the login page.
The real login page will always include:
- A "Forgot password?" link.
- A "Register now" button.
- Options to "Continue with Google / Apple."
- Legal links at the bottom (Terms, Privacy, Compliance).
Phishing sites often simplify the process to capture your credentials quickly, leaving only a login form with no other features. This is a visible red flag.
What to Do if You Entered Your Password on a Fake Site
Follow these steps immediately to minimize potential losses:
- Open the real Binance site (via bookmark) and change your password immediately.
- Enable 2FA if it was not already active.
- Revoke all API keys in your account security settings.
- Contact customer support to freeze withdrawals for 24 hours via the Help Center.
- Review your recent login history and report any unfamiliar IP addresses.
The time window is critical; phishers usually attempt to log in within 5 to 30 minutes of capturing credentials.
FAQ
Q: Do I need to perform these three steps every time?
A: No. Once you have bookmarked the official site, a quick glance at the address bar is usually enough. The certificate and anti-phishing code serve as additional verification layers.
Q: Can I see full certificate info on a mobile browser?
A: Yes. In Safari, tap the "AA" icon and then "Website Settings." In Chrome for Android, tap the padlock icon → "Connection is secure" → "Certificate."
Q: Will my Anti-Phishing Code be leaked?
A: No. It only appears in official emails sent to you by Binance. It is never displayed on login or public pages, so phishing parties have no way of knowing it.
Q: I used a VPN and binance.com redirected me to binance.bz. Is this site real?
A: Yes. binance.bz is an official regional mirror. Redirections are determined by your IP address, and your account data is fully shared.
Further Reading
- Which One is the Real Binance Official Website: Picking the Right One from Search Results
- Mirror Domain List: Every Official Domain Listed in One Place
- How to Set Up an Anti-Phishing Code: A 5-Minute Tool Against Scams