OKX anti-phishing code setting tutorial
Have you ever received an email that appeared to be from OKX, asking you to “verify your account immediately” or “claim an airdrop reward”? These are very likely phishing emails. OKX’s anti-phishing code feature is designed specifically to counter this threat — by embedding a secret phrase you set into all official emails, you can tell real emails from fakes at a glance.
This article will show you how to set up and use the anti-phishing code. For more on the concept and technical principles of anti-phishing codes, refer to the detailed guide on our wiki site.
What Is an Anti-Phishing Code?
An anti-phishing code is a custom text phrase you configure in OKX. Once set, every email OKX sends will display this phrase in a designated location.
How It Works
- You set a unique anti-phishing code in OKX (e.g., “CryptoSafe2026”)
- All emails sent by OKX afterward will include this phrase
- When you receive an email, if you see the correct anti-phishing code, it is a genuine email
- If the email does not contain the code or shows the wrong one, it is a phishing email
Why It Is Effective
Phishers can spoof sender addresses and copy email templates, but they cannot know your anti-phishing code. It is like a secret password agreed upon only between you and OKX.
Common Phishing Tactics
Before setting up the anti-phishing code, understanding common phishing techniques will help you stay vigilant.
Email Phishing
This is the most common attack method:
| Feature | Genuine Email | Phishing Email |
|---|---|---|
| Anti-phishing code | Displays your correct phrase | Missing or incorrect |
| Sender address | @okx.com | A similar but different domain |
| Link destination | Points to okx.com | Points to a fake website |
| Tone of content | Professional and standard | Often urgent or threatening |
| Personal info requests | Never asks for passwords | Frequently asks for passwords or keys |
Common Phishing Email Subjects
- “Your account is at risk — verify immediately”
- “Congratulations! Claim your OKX airdrop reward”
- “Your withdrawal request requires additional verification”
- “OKX account upgrade notice — please update your information”
- “Last chance: OKX limited-time event ending soon”
Other Phishing Channels
Besides email, phishing attacks may also come through:
- SMS: Fraudulent texts impersonating OKX with malicious links
- Social media: Fake OKX accounts posting bogus promotions
- Search engines: Paid ads leading to lookalike websites
- Messaging apps: Impersonators posing as support agents on Telegram and similar platforms
Step 1: Open Security Settings
Web Version
- Log in to the OKX website (confirm the address bar shows www.okx.com)
- Click your avatar in the top right corner
- Select “Security Settings”
- Find “Anti-Phishing Code” in the security features list
- Click “Set Up”
App Version
- Open the OKX app
- Go to “Me” or tap the avatar in the top left
- Select “Security Center”
- Find the “Anti-Phishing Code” option
- Tap “Set Up”
Step 2: Customize Your Anti-Phishing Code
Enter your unique anti-phishing code in the input field.
Recommendations
Ideal anti-phishing code characteristics:
- 8-20 characters in length
- A unique combination of letters, numbers, or other characters
- Easy for you to remember but hard for others to guess
- Do not use personal information (birthday, name, etc.)
Good anti-phishing code examples:
- “StarOcean2026crypto”
- “OKXSecureVerifyJupiter”
- “MySecure#Token$28”
Not recommended:
- “123456” (too simple, easily guessable)
- “johnsmith” (personal information)
- “OKX” (too short, not distinctive)
- “password” (common word)
Enter and Confirm
- Type your chosen anti-phishing code in the input field
- The system will ask you to complete security verification
- Enter your email verification code and/or Google Authenticator code
- Click Confirm to complete the setup
Step 3: Verify the Setup Works
After completing the setup, verify that the anti-phishing code is active right away:
Trigger an Official Email
You can trigger OKX to send an email by:
- Initiating a password change (just open the page — you do not need to actually change it)
- Logging in from a new IP address (triggers a security alert email)
- Making a small withdrawal
Check the Email
When you receive the OKX email:
- Open the email
- Look for the anti-phishing code at the top or bottom of the email body
- Confirm it matches what you set exactly
- If it matches, the setup was successful
Step 4: Build the Verification Habit
After setting the anti-phishing code, the most important thing is to make checking it every time a habit.
Standard Verification Process
When you receive any email claiming to be from OKX:
- First: Check whether the email contains your anti-phishing code
- Second: Verify the code is exactly correct (including capitalization and special characters)
- Third: Check that the sender address is @okx.com
- Fourth: If you need to click a link, hover over it first to check the actual URL
What to Do When You Spot a Phishing Email
If you determine an email is phishing:
- Do not click any links
- Do not reply to the email
- Do not download any attachments
- Mark the email as spam
- Optionally report it to OKX
Advanced Security Measures
The anti-phishing code is one component of a comprehensive security system. It works even better when combined with other measures.
Combined with Google Authenticator
The anti-phishing code helps you identify phishing emails, while Google Authenticator prevents unauthorized logins even if your password is compromised. Together, they cover most common attack scenarios.
Complete Your Security Setup
We recommend completing the following security settings as well:
- Enable Google Authenticator (2FA)
- Set a trading password
- Enable withdrawal address whitelist
- Bind both phone and email
- Set login IP restrictions (if needed)
For a comprehensive security setup plan, refer to the OKX Security Settings Checklist.
Change Your Anti-Phishing Code Periodically
Although the risk of your anti-phishing code being leaked is low, changing it every 3-6 months adds an extra layer of safety. Just remember your new code after updating.
Real Phishing Case Studies
Case 1: Fake Withdrawal Confirmation
A user received an email claiming “an abnormal withdrawal request was detected — click the link to cancel.” The email template looked nearly identical to an official OKX email, but it was missing the anti-phishing code. Because the user had set up the code, they instantly identified it as phishing and avoided a loss.
Case 2: Fake Airdrop Promotion
A user received an email about an “OKX Anniversary Airdrop of 1000 USDT,” with a link pointing to a lookalike website. Since the email did not contain the anti-phishing code, the user simply ignored it.
Case 3: Fake Account Upgrade Notice
A user received an email asking them to “upgrade their account security level” by re-entering their password and Google Authenticator code. The email included text attempting to mimic an anti-phishing code, but it did not match what the user had actually set. The user immediately reported the phishing attempt to OKX.
OKX Official Communication Channels
To avoid falling for phishing, knowing OKX’s official communication channels is essential:
| Channel | Official Information |
|---|---|
| Website | www.okx.com |
| Email domain | @okx.com |
| Official app | Search “OKX” in your app store |
| Support | In-app or on-site live chat |
| Social media | Verified official accounts |
OKX will never:
- Ask for your password via email or message
- Ask you to transfer funds to a specific address for “verification”
- Contact you through unofficial channels about “security issues”
- Ask for your Google Authenticator key
Summary
Setting up an anti-phishing code takes just 1 minute but provides ongoing protection for your account. In the cryptocurrency space, phishing is one of the most common causes of asset loss, and the anti-phishing code is the simplest and most effective tool against it.
After setting it up, make it a habit to “check the anti-phishing code first, then read the email.” Combined with Google Authenticator, a trading password, and other security measures, you can build a comprehensive account security defense.
Risk Warning: Phishing techniques are constantly evolving, and the anti-phishing code is only one part of your security. Always stay vigilant and never enter account information on any non-official OKX channel. If you receive a suspicious email or message, verify it immediately through OKX’s in-app live chat.
Continue Through The Topic Page
Security Settings
Go back to the topic overview when you want the full sequence, not just this single article.