Your anti-phishing code is a unique code that Strike generates for your account and includes in every legitimate email we send you. It's a simple way to confirm an email is really from Strike and not a phishing attempt. If you receive an email claiming to be from Strike that doesn't show your code, it's not from us.

How to verify an email with your anti-phishing code

To find your current code and see when it was last updated, tap your profile icon in the mobile app or the web dashboard, and go to Security. Every genuine email from Strike will display this code, so you can cross-check the code in the email against the code shown in your app before acting on anything. The only time a code will not be present is in the rotation notice (Your Strike Anti-phishing Code Was Updated).

How to refresh your anti-phishing code

You may rotate your anti-phishing code at any time within the app. We recommend rotating it periodically, and immediately if you ever suspect someone else may have seen it. Strike may also rotate your code on your behalf if we detect a security concern.

Once refreshed, you'll receive a "Your Strike Anti-phishing Code Was Updated" email. This is the only Strike email that won't contain a code. From then on, all future emails from Strike will include the new code.

How to avoid phishing scams

If an email claims to be from Strike but the anti-phishing code is missing or doesn't match, don't click any links or reply, and forward it to [email protected].

If someone reaches out through other channels claiming to be from Strike support, ask them to tell you your anti-phishing code. A real rep can share it with you. Let them say the code first. Never read it out loud or type it to confirm, even if asked.

Strike will never ask you for your password, recovery phrase, 2FA codes, or anti-phishing code. For more tips on avoiding scams, see How do I identify a scam?.