Google will never send an unsolicited message asking you to provide your password or other sensitive information by email or through a link. If you're asked to share sensitive information, it's probably an attempt to steal your information, also known as "phishing." Sometimes businesses and hackers pretend to be associated with Google to try to trick people into providing more information than they should.
Here's what to do:
- Check if it's actually Google trying to reach you. Until you're sure, don't give away any personal information or click any email links.
- Protect your account if you think you shared information with an untrustworthy source.
- Report the suspicious webpage so we can investigate it.
Check the email's message headers
If Google sends you an email, the "From" address should contain "@google.com," and the "Return-Path" should also contain "@google.com."
Check where an email's links are pointing
Before clicking any links in the email, right-click the link and select Copy Link Address or Copy Link Location. Then paste what you copied into a text document or text field to see what that URL actually says. If the URL is taking you somewhere other than a page on "google.com," this URL might be taking you to a non-Google webpage.
Ask the caller to send you an email.
If the caller is a Google representative, the email they send will have "@google.com" as the "From" address and "Return-Path."
Ask the caller to provide you with your publisher ID, a list of your sites/apps, or the names and clicks of your ad units.
A Google representative will be able to access your account details.
If you think you've been contacted by someone who's trying to trick you into sharing your password, credit card numbers, or other sensitive information, don't give out your information. If you think your account is at risk, let us know as soon as possible through our account security form. My account was compromised.
After protecting yourself, let us know what happened so we can investigate it.
- Report a webpage: Use this form to give us the URL of a suspicious webpage. If you received a link in an email, don't click the link to visit the webpage. Instead, right-click the link and select Copy Link Address or Copy Link Location. Then paste what you copied into the form.