SMS is a favorite tool for phishing syndicates because of its high volume, low cost, and the fact that users tend to be less guarded with text messages than with emails. Phishing SMS messages impersonating Binance are incredibly common. Many users panic upon receiving them and click the links, only to have their assets drained instantly. This guide provides a systematic explanation of genuine Binance SMS use cases, the characteristics of phishing texts, and what to do if you receive a suspicious message. When you need to verify your account, always manually visit the Official Binance Website or use the Official Binance App. Never click any links in an SMS. iOS users can refer to the iOS Installation Guide to set up the App as a trusted entry point. A: Official Binance SMS is only sent for login verification, withdrawal confirmation, 2FA operations, and KYC status changes. These messages contain only a verification code or a brief status description and never include clickable links. Any "Binance SMS" containing a link is a phishing attempt—especially those using suspicious domains like .cn, .top, .vip, or short URLs, or those asking you to "claim rewards," "verify account," or "upgrade VIP.""

Genuine Binance SMS Use Cases

A: Binance only sends SMS to deliver verification codes and critical status updates. The content is brief and contains no clickable links.

Genuine SMS Scenarios

Scenario Sample Content Contains Links?
New Device Login [Binance] Your verification code is 482937. Valid for 10 mins. No
Withdrawal Verification [Binance] Withdrawal verification code: 738201. Don't share. No
Password Change [Binance] Your password reset code is 920134. No
2FA Reset [Binance] 2FA reset code: 471830. No
KYC Approved [Binance] Your identity verification has been approved. No
Large Withdrawal Confirmation [Binance] Withdrawal of 1 BTC to bc1qxxx requested. Code: 192847. No
API Key Modification [Binance] Your API key was modified at 2026/04/27 10:23 UTC. No

Characteristics of Genuine SMS

  1. Starts with [Binance] (or a [BIN] short code in some regions).
  2. Short content, typically between 30 and 100 characters.
  3. No URL links whatsoever.
  4. Verification codes are 6-digit pure numbers.
  5. Primarily in English, though some regions may receive localized versions.
  6. No calls to action like "Click here" or "View more" at the end.

Common Phishing SMS Templates

A: Phishing texts often include links, use urgent language, or offer rewards, often while spoofing a Binance sender ID.

Template 1: "Account Abnormality, Verify Now"

[Binance] Abnormal login detected on your account. Please verify your identity within 2 hours or your account will be frozen: bnc-secure.com/v?u=xxx

Features:

  • Creates a sense of urgency (within 2 hours).
  • Includes a short link or a fake domain.
  • Threatens to "freeze" the account.

The Truth: Binance never uses SMS to notify you of "account abnormalities," nor does it require verification via an SMS link.

Template 2: "You Have Won a Reward"

[Binance Official] Congratulations! You have won a New Year's gift of 0.1 BTC. Please claim it today: t.cn/xxxxx

Features:

  • Promotional/marketing language.
  • Short links (t.cn, dwz.cn, or custom short domains).
  • Vague about the source of the funds.

The Truth: All Binance rewards are distributed via the App or the official binance.com account dashboard. They are never announced via SMS links.

Template 3: "USDT Incoming, Please Confirm"

[Binance] 5,000 USDT is arriving in your account. Please click to confirm receipt: binance-confirm.cc/r?id=xxx

Features:

  • Simulates a deposit notification.
  • Financial bait (5,000 USDT).
  • Fake domain (e.g., .cc).

The Truth: USDT deposits do not require "confirmation." Once the on-chain confirmations are met, the funds arrive automatically. Binance will never ask you to "confirm receipt" via a link.

Template 4: "VIP Upgrade Invitation"

[Binance VIP] You have been selected for the VIP experience with 0 fees. Scan the code to join: bnvip.top/u/123

Features:

  • Claims to be a "VIP invitation."
  • Asks you to scan a QR code or click a link.
  • Uses cheap domain extensions like .top or .vip.

The Truth: Binance VIP levels are determined automatically based on trading volume and asset holdings. You don't "join" through an invitation link, and Binance doesn't market VIP status through SMS.

Template 5: "Customer Support is Online"

[Binance Support] Your ticket has been assigned to Manager Zhang. Please contact us on Telegram @binance_zhang

Features:

  • Claims to be a specific "Support Manager."
  • Directs you to Telegram.
  • Claims a ticket has been "assigned."

The Truth: Binance support communicates exclusively through the official website or the in-app support system. They never use SMS to direct you to private chat accounts like Telegram.

Who is Sending the Phishing SMS?

A: Phishing sender IDs fall into three main categories, all of which require caution.

Type 1: Forged International Sender IDs

SMS gateways allow for custom "Sender IDs." Scammers can set the sender name to "Binance," "BinanceCS," etc. While it looks official, it's actually sent from a generic international SMS provider. On iPhones, you might see "Binance" as the sender, but no actual phone number is visible in the details.

Type 2: Ordinary Mobile Numbers

Scammers may use standard mobile numbers from various regions. While these look less professional, they can sometimes bypass spam filters more easily.

Type 3: Enterprise Short Codes (e.g., 106/95/400)

Some sophisticated groups use black-market enterprise SMS channels. These appear as 8-11 digit codes (like 106xxx). This method is more expensive and is often used for "precision phishing" where scammers already have some of your account info.

The Real Binance Sender ID

Binance's international SMS channels vary by country:

  • Most countries: International short codes displaying "Binance."
  • USA: Local long numbers or 5-6 digit short codes.
  • Certain regions: Localized enterprise short codes.

If you receive a message in Chinese from a local number claiming to be Binance, it is 100% a phishing scam.

Why You Should Never Click SMS Links

A: Clicking a phishing link can lead to credential theft, malware downloads, device fingerprinting, or the triggering of zero-day exploits.

Consequence 1: Credential Theft

The most common outcome. The link takes you to a fake site that looks exactly like binance.com. Once you enter your email, password, and 2FA code, the scammers use that info to log into the real site and withdraw your funds immediately.

Consequence 2: Malicious App Downloads

The link might lead to a fake download page, prompting you to install a "New Binance Version" APK or iOS configuration profile. These malicious apps request excessive permissions to steal your SMS messages, read your clipboard (to steal wallet addresses), or record your screen.

Consequence 3: Device Fingerprinting

Even if you don't enter any info, the phishing site can record your:

  • IP address
  • Device model and OS version
  • Browser User Agent
  • Screen resolution and time zone

Scammers use this data to determine if you are a "high-value target" for future coordinated attacks, such as fraudulent phone calls or Telegram messages.

Consequence 4: Exploit Triggers

Some links leverage unpatched vulnerabilities in browsers or operating systems. Clicking the link could trigger a "drive-by download" of malicious payloads without any user interaction. This risk is highest on older or mid-range Android devices.

How to Handle Suspicious SMS Correctly

A: Do not click, do not reply, do not forward. Self-check your account and report the message.

Recommended Workflow

  1. Do not click any links, including "Unsubscribe" or "Opt-out" prompts. Scammers use these to confirm that your number is active.
  2. Do not reply.
  3. Open a browser independently and manually type in binance.com to log in and check your account status.
  4. Items to verify:
    • Login History (Settings → Security → Login Activity)
    • Withdrawal Records (Wallet → Withdrawal History)
    • API List (Settings → API Management)
    • Device List (Settings → Security → Device Management)
  5. If you find a real abnormality: Immediately change your password, reset your 2FA, and contact official support via a ticket.
  6. If there is no abnormality: Report the SMS as spam.
    • iPhone: Long press → Report Junk.
    • Android: Use the "Report as spam" option in the messaging app.
  7. Do not delete the message immediately; keep it as potential evidence for authorities.

If You Have Already Clicked a Link

  1. Clicked but entered no info: Close the page, clear your browser cache, run a virus scan, and monitor your account for the next few days.
  2. Entered your password: Immediately go to binance.com, change your password, reset 2FA, set up an anti-phishing code, and check your API keys.
  3. Entered a 2FA code: Treat it the same as the above. Even if the code has expired, the scammers may have already used it to gain access.
  4. Downloaded an App: Uninstall it immediately, run a virus scan, and change all your passwords. If you are on Android and the app gained root or device admin access, a factory reset is recommended.
  5. Transferred USDT: On-chain transactions are generally irreversible. Save all transaction hashes, SMS screenshots, and report the incident to your local cybercrime authorities.

For more background on this site, see About BabiaHub, and for related risks, see our Disclaimer.

How to Reduce Phishing SMS

A: Start at the source—minimize the exposure of your phone number and use carrier-provided anti-harassment services.

Minimize Exposure

  • Use a dedicated secondary number or virtual number for sensitive accounts like Binance.
  • Avoid leaving your phone number on public forums or social media.
  • Don't use your primary number for unimportant websites.

Carrier and OS Services

  • Most major carriers offer free spam-blocking services; contact your provider to activate them.
  • iPhone Settings: Go to Settings → Messages → Filter Unknown Senders. This moves messages from unknown numbers to a separate tab.
  • Android Settings: Most brands have a "Spam protection" toggle within the Phone or Messages app.

FAQ

Q: My SMS sender displays "Binance." How can it still be phishing? A: The "Sender ID" is easily forged through international SMS gateways. Always judge the message by its content: if it contains a link, it is not a genuine Binance SMS.

Q: If a verification code SMS doesn't have a link, does that mean it's definitely real? A: Not necessarily. Scammers can send link-less texts like "Your password has been reset, code: 482937" to set the stage for a follow-up fraudulent phone call. However, the inverse is true: if it has a link, it is definitely a scam.

Q: I received a text saying "Withdrawal of 1 BTC initiated, code: xxxx," but I didn't do it. What now? A: Someone may be trying to access your funds. 1. Never share that code with anyone. 2. Go to binance.com and change your password immediately. 3. Reset your 2FA. 4. Check your API and login history. 5. Open a support ticket.

Q: I gave my code to someone claiming to be "Binance Support," and my money was stolen. Can I get it back? A: On-chain transactions are irreversible, and Binance cannot pull the funds back. You should save all evidence (SMS, call logs, chats, transaction hashes) and report it to your local law enforcement and on-chain reporting platforms like chainabuse.com.

Q: Will filtering "Unknown Senders" on my iPhone cause me to miss real Binance codes? A: It might move them to the "Unknown Senders" tab because the international sender isn't in your contacts. It won't prevent the message from arriving; you just need to check that specific tab when you're expecting a code.