Google will never send an unsolicited message asking you to provide your password or other sensitive information by email or through a link. If you're asked to share sensitive information, it's probably an attempt to steal your information, also known as 'phishing'. Sometimes businesses and hackers pretend to be associated with Google to try to trick people into providing more information than they should.
Here's what to do:
- Check whether it's actually Google trying to contact you. Until you're sure, don't give away any personal information or click any email links.
- Protect your account if you think you shared information with an untrustworthy source.
- Report the suspicious email, call or web page so that we can investigate it.
Check whether it's actually Google trying to contact you
Emails
-
Check that the email's message headers' from and return paths contain '@google.com'
If Google sends you an email, the 'From' address should contain '@google.com', and the 'Return-Path' should also contain '@google.com'. If you're contacted by a third party, check to see if they're a Google Partner.
Google Partners are agencies, marketing professionals and online experts who have been certified by Google to manage Google Ads accounts. To achieve Google Partner status, agencies must earn the Google Partner Badge, which signifies that the company is healthy, has happy customers and demonstrates Google best practices. Learn more about our third-party affiliations and about our Google Partners.
-
Check where an email's links are pointing. Link address URLs should contain 'google.com'
Before clicking any links in the email, right-click the link and select Copy link address or Copy link location. Then paste what you copied into a text document or text field to see what that URL actually says. If the URL is taking you somewhere other than a page on 'google.com', this URL might be taking you to a non-Google web page.
Phone calls
-
Ask the caller to send you an email.
If the caller is a Google representative, the email they send will have "@google.com" as the "From" address and "Return-Path". If you're contacted by a third party, check to see if they're a Google Partner.
Google Partners are agencies, marketing professionals and online experts who have been certified by Google to manage Google Ads accounts. To achieve Google Partner status, agencies must earn the Google Partner Badge, which signifies that the company is healthy, has happy customers and demonstrates Google best practices. Learn more about our third-party affiliations and about our Google Partners.
Protect your account
If you think you've been contacted by someone who's trying to trick you into sharing your password, credit card numbers or other sensitive information, don't give out your information. If you think that your account is at risk, use the steps below to protect it.
- Let us know as soon as possible through our account security form. My account was compromised.
- Follow our security tips to secure your account.
Report the suspicious email, call or web page
After protecting yourself, let us know what happened so that we can investigate it.
- Report an email or call: Use this form to connect with an Online Specialist.
- Report a webpage: Use this form to give us the URL of a suspicious webpage. If you received a link in an email, don't click the link to visit the webpage. Instead, right-click the link and select Copy Link Address or Copy Link Location. Then paste what you copied into the form.
- Report a third party: Use this form to let us know about an issue with a company that sells Google Ads services.