How to Set Up the Anti-Phishing Code on OKX?

 / 
OKX
 / 
5

The anti-phishing code is essentially a "secret signal" — once you set it, every official email fromOKXwill include this code. If an email lacks this code, it should be immediately treated as a phishing attempt; do not open it. The setup option is located in the "Anti-Phishing Code" section of theSecurity Center.

OKX Exchange
A leading global cryptocurrency platform,suitable for both beginners and experienced traders.
New user benefit: 20% off trading fees upon registration!!

1. Why Do You Need an Anti-Phishing Code?

Phishing emails are among the most common asset risks in the crypto space. Scammers forge official OKX emails, pretending to be about "account anomalies requiring verification," "prize claims," "system upgrades," etc., to trick you into clicking phishing links or entering account information. These emails often look very similar to real ones, making them hard to distinguish by sight alone.

The anti-phishing code helps you quickly identify genuine emails:Real emails will contain your preset unique characters; fake emails will not.This is a security measure explicitly recommended by the official help center.

2. Prerequisites Before Setting Up

  • KYC identity verification must be completed (the anti-phishing code option appears only after verification).

  • You must be able to log into your account.

  • It is recommended to have identity verification bound on the App or Web version.

3. Setup Steps on the App

  1. Open the OKX App and tap thePersonal Centericon at the top left of the homepage.

  2. Go toSecurity Center(in some older versions, it may be labeled "Security Settings").

  3. Find theAnti-Phishing CodeorAnti-Phishing Code Settingsoption and tap to enter.

  4. Enter your custom anti-phishing code (typically 4–10 alphanumeric characters; follow the on-screen prompts for exact requirements).

  5. Complete the security verification (via SMS or email code) and tap confirm to save.

4. Setup Steps on the Web

  1. Log in to the OKX website and click thePersonal Centericon at the top right.

  2. Go toSecurity Center, and under the security settings area, findAnti-Phishing Code.

  3. Click to set it up, then enter your custom anti-phishing code.

  4. Follow the on-screen prompts to complete identity verification (may require a Google Authenticator dynamic code or SMS verification).

  5. Confirm and submit.

5. How to Use It After Setup

Once set, every official email sent by OKX will include your anti-phishing code in the body.When you receive an email, quickly check the content — if it contains your code, you can safely read it. If it doesn't, delete the email immediately and do not click any links or attachments.

A key point: Phishing emails can look very realistic, and the sender address may even be spoofed to appear as "OKX." Do not rely solely on the sender address;use the presence of your anti-phishing code in the email body as the sole criterion for authenticity.

OKX Exchange
A leading global cryptocurrency platform,suitable for both beginners and experienced traders.
New user benefit: 20% off trading fees upon registration!!

6. Troubleshooting: Setup Failure or Missing Option

Cannot find the "Anti-Phishing Code" optionFirst, confirm whether KYC identity verification has been completed. The option is not displayed for unverified users. If verification is complete but the option is still missing, check if the App is updated to the latest version.

Verification fails during setupIf you don't receive the verification code — check your phone signal or email spam folder. Frequent attempts may trigger rate limiting; wait 15 minutes and try again. If the Web version requires a Google Authenticator dynamic code, ensure your phone's time is synchronized with the network time.

Message: "Anti-phishing code already exists"This means you have set one previously. To modify it, enter the same option and overwrite the existing code.

FAQ

Is the anti-phishing code the same as the login password or fund password?No. The login password controls account access, the fund password controls withdrawals, and the anti-phishing code is only used to verify email authenticity. They are completely independent.

I set the anti-phishing code, but some official emails don't show it. Did the setup fail?Some system notification emails (e.g., login alerts) may not include the anti-phishing code. Emails related to asset operations, activity notifications, and security alerts will include it. If you doubt an email's authenticity, you can use the "Official Channel Verification" feature within the official App to confirm the sender's identity.

Does the anti-phishing code need to be changed regularly?There is no mandatory requirement. However, if you suspect the code has been compromised (e.g., seen by someone else), it is recommended to reset it immediately.

After setup, it's advisable to trigger a test email from OKX (e.g., request a withdrawal email notification) to confirm that the anti-phishing code appears correctly in your inbox. Once you are familiar with this verification logic, handling any OKX-related emails will be much clearer.