Phishing emails asking for personal information
Some spammers send fraudulent mass-messages designed to collect personal information, called 'spoofing' or 'password phishing.'
Here are a few ways you might recognize these messages:
- They ask you to provide your username and password or other personal information (e.g. Social Security number, bank account number, PIN number, credit card number, mother's maiden name, or birthday). Even if they appear to be from a legitimate source, or contain an official-looking webpage, be careful. Spammers often ask for this information in an attempt to steal your Gmail address, your money, your credit, or your identity.
- You might see a warning from Gmail when you open one of these messages. These phishing alerts operate automatically, much like spam filtering. Gmail's spam filters automatically divert messages that are suspected of being unwanted messages into 'Spam'. Similarly, Gmail's phishing alerts automatically display warnings with messages we suspect are phishing attacks so you know to exercise caution before providing any personal information.
You should always be wary of any message that asks for your personal information, or messages that refer you to a webpage asking for personal information. One thing to be sure of: Google or Gmail will never ask you to provide this information in an email; if the message asking for it claims to be from us, don't believe it.
Here's what you can do to protect yourself and stop fraudsters:
- Check the email address of the sender of the message by hovering your mouse cursor over the sender name and verifying that it matches the sender name.
- Check whether the email was authenticated by the sending domain. Open the message and click on the drop-down arrow below the sender's name. Make sure the domain you see next to the 'mailed-by' or 'signed-by' lines matches the sender's email address. For more information on email authentication, please visit our Email Authentication article.
- Make sure the URL domain on the given page is correct, and click on any images and links to verify that you are directed to proper pages within the site. For example, the Gmail URL is mail.google.com/ or, for even more security, mail.google.com/. Although some links may appear to contain 'gmail.com,' you may be redirected to another site after entering such addresses into your browser.
- Always look for the closed lock icon in the status bar at the bottom of your browser window whenever you enter any private information, including your password.
- Check the message headers. The 'From:' field is easily manipulated to show a false sender name. Learn how to view headers.
- If you're still uncertain, contact the organization from which the message appears to be sent. Don't use the reply address in the message, since it can be forged. Instead, visit the official website of the company in question, and find a different contact address.
- If you enter your Google account or personal information as the result of a spoof or phishing message, take action quickly. Send a copy of the message header and the entire text of the message to the Federal Trade Commission at email@example.com. If you entered credit card or bank account numbers, contact your financial institution. If you think you may be the victim of identity theft, contact your local police.
- Gmail doesn't send unsolicited mass messages asking for passwords or personal information. If you think your Gmail address has been compromised or taken over, please click here so we can help resolve the issue as quickly as possible.
* If our system flags a message as phishing, but you've validated the source from which the message originated, click the down arrow next to Reply at the top-right of the message pane, and select Report Not Phishing to let us know the message is legitimate. And if you receive a message that our phishing detection system doesn't pick up on, click Report Phishing to send a copy of the message to the Gmail Team.
Vivian is a Gmail expert and the author of this help page. Leave her feedback about this help page.