Learn how to spot deceptive requests online and take recommended steps to help protect your Gmail and Google Account.
What phishing is
Phishing is an attempt to steal personal information or break in to online accounts using deceptive emails, messages, ads, or sites that look similar to sites you already use. For example, a phishing email might look like it's from your bank and request private information about your bank account.
Phishing messages or content may:
- Ask for your personal or financial information.
- Ask you to click links or download software.
- Impersonate a reputable organization, like your bank, a social media site you use, or your workplace.
- Impersonate someone you know, like a family member, friend, or coworker.
- Look exactly like a message from an organization or person you trust.
Avoid phishing messages & content
To help you avoid deceptive messages and requests, follow these tips.
1. Pay attention to warnings from Google
2. Never respond to requests for private info
Don’t respond to requests for your private info over email, text message, or phone call.
Always protect your personal and financial info, including your:
- Usernames and passwords, including password changes
- Social Security or government identification numbers
- Bank account numbers
- PINs (Personal Identification Numbers)
- Credit card numbers
- Birthday
- Other private information, like your mother’s maiden name
3. Don’t enter your password after clicking a link in a message
If you’re signed in to an account, emails from Google won’t ask you to enter the password for that account.
If you click a link and are asked to enter the password for your Gmail, your Google Account, or another service, don’t enter your information, go directly to the website you want to use.
If you think a security email that looks like it’s from Google might be fake, go directly to myaccount.google.com/notifications. On that page, you can check your Google Account’s recent security activity.4. Beware of messages that sound urgent or too good to be true
Scammers use emotion to try to get you to act without thinking.
Beware of urgent-sounding messages
For example, beware of urgent-sounding messages that appear to come from:
- People you trust, like a friend, family member, or person from work. Scammers often use social media and publicly available information to make their messages more realistic and convincing. To find out if the message is authentic, contact your friend, family member, or colleague directly. Use the contact info you normally use to communicate with them.
- Authority figures, like tax collectors, banks, law enforcement, or health officials. Scammers often pose as authority figures to request payment or sensitive personal information. To find out if the message is authentic, contact the relevant authority directly.
Tip: Beware of scams related to COVID-19, which are increasingly common. Learn more about tips to avoid COVID-19 scams.
Beware of messages that seem too good to be true
Beware of messages or requests that seem too good to be true. For example, don’t be scammed by:
- Get rich quick scams. Never send money or personal information to strangers.
- Romance scams. Never send money or personal info to someone you met online.
- Prize winner scams. Never send money or personal info to someone who claims you won a prize or sweepstakes.
5. Stop & think before you click
Use tools to help protect against phishing
1. Use Gmail to help you identify phishing emails
Gmail is designed to help protect your account by automatically identifying phishing emails. Look out for warnings about potentially harmful emails and attachments.
Note: Gmail won’t ever ask you for personal information, like your password, over email.
When you get an email that looks suspicious, here are a few things to check for:
- Check that the email address and the sender name match.
- Check if the email is authenticated.
- See if the email address and the sender name match.
- On a computer, you can hover over any links before you click on them. If the URL of the link doesn't match the description of the link, it might be leading you to a phishing site.
- Check the message headers to make sure the "from" header isn't showing an incorrect name.
2. Use Safe Browsing in Chrome
To get alerts about malware, risky extensions, phishing or sites on Google’s list of potentially unsafe sites, use Safe Browsing in Chrome.
In your Safe Browsing settings, choose Enhanced Protection for additional protections and to help improve Safe Browsing and overall web security.
You can download Chrome at no charge.3. Check for unsafe saved passwords
4. Help protect your Google Account password
5. Learn about 2-Step Verification
Report phishing emails
When we identify that an email may be phishing or suspicious, we might show a warning or move the email to Spam. If an email wasn't marked correctly, follow the steps below to mark or unmark it as phishing.
Important: When you manually move an email into your Spam folder, Google receives a copy of the email and any attachments. Google may analyze these emails and attachments to help protect our users from spam and abuse.
Report an email as phishing
- On a computer, go to Gmail.
- Open the message.
- Next to Reply , click More .
- Click Report phishing.
Report an email incorrectly marked as phishing
- On a computer, go to Gmail.
- Open the message.
- Next to Reply , click More .
- Click Report not phishing.