A phishing website or message tries to trick you into revealing personal information by appearing to be from a legitimate source, such as a bank, social network, or even Google. If you receive a suspicious message, do not provide the information requested. We've included some tips to help you recognize phishing and keep your account secure.
Think before you click
Pay close attention to sign-in screens.
Cyber criminals can use links in emails, tweets, posts and online advertisements to direct you to fake sign-in screens, where they can steal your password. Only sign in to your account when you are certain you visited the real site directly. Check the Internet address to be sure.
How can I recognize phishing?
You should always be wary of any message that asks for your personal information or messages that refer you to a web page asking for personal information. If you receive this type of message, especially from a source claiming to be Google or Gmail, please don't provide the information requested. Google will never send unsolicited messages asking for your password or personal information, or messages containing executable attachments.
Messages or websites phishing for information might ask you to enter:
- Usernames and passwords
- Social Security numbers
- Bank account numbers
- PINs (Personal Identification Numbers)
- Full credit card numbers
- Your mother’s maiden name
- Your birthday
What should I do when I see a phishing scam?
Most importantly, never reply to suspicious emails, tweets, or posts with your personal or financial information. Also, don’t fill out forms or sign-in screens that link from these messages.
Most email providers, including Gmail, allow you to report suspicious emails and phishing scams. To report phishing in Gmail, click the drop-down arrow next to “Reply” and select “Report phishing.”
Select the Report Phishing Message option to finish the process.