Search
Clear search
Close search
Google apps
Main menu

Verify and report suspicious emails

“Phishing” emails are tricky emails that appear to come from a particular person or organization, but aren't actually sent by that person or organization. These types of email messages are typically sent by online criminals or hackers who are trying to trick you into going to a fake website and entering your personal information or account details.

We'll tell you in the next sections how to figure out if a message really came from us, and what to do if you think it's a phishing email.

Google Ad Exchange will never send an unsolicited message asking you to provide your password or other sensitive information by email or through a link. If you get an email asking you to share this information, it's probably a phishing email.

Verify an email is from Google

You can check an email's message headers to find out more details about where that email came from. If Google sends you an email, the "From" address should contain "@google.com," and the "Return-Path" should also contain "@google.com."

Before clicking any links in the email, right-click the link and select Copy Link Address or Copy Link Location. Then paste what you copied into a text document or text field to see what that URL actually says. If the URL is taking you somewhere other than a page on "google.com," this URL might be taking you to a non-Google webpage.

If the links in the email start with https, make sure that the actual web page you end up on also starts with https. This https is a sign that the web page you're on is using a secure server. Any page that asks for your password, your billing information, or any other sensitive information should always have https in its URL.

  1. Check the email's message headers.
  2. Check where the links are pointing.
  3. Confirm that https links are pointing to https pages.

Report phishing

If you think you've received a phishing email that's trying to trick you into sharing your password, credit card numbers, or other sensitive information, do not reply to the email itself. Instead, report the phishing email to us immediately, and we'll let you know if Google actually sent it or not.

If you think someone has broken into your Ad Exchange account, please contact us, and we'll look into it as soon as possible.

Next steps

Was this article helpful?
How can we improve it?