Learn how to spot deceptive requests online and take recommended steps to help protect your Gmail and Google Account.
What phishing is
Phishing is an attempt to steal personal information or break into online accounts using deceptive emails, messages, ads or sites that look similar to sites you already use. For example, a phishing email may look as though it's from your bank and request private information about your bank account.
Phishing messages or content may:
- Ask for your personal or financial information.
- Ask you to click links or download software.
- Impersonate a reputable organisation, such as your bank, a social media site you use or your workplace.
- Impersonate someone you know, such as a family member, friend or coworker.
- Look exactly like a message from an organisation or person you trust.
Avoid phishing messages and content
To help you avoid deceptive messages and requests, follow these tips.
1. Pay attention to warnings from Google
2. Never respond to requests for private info
Don't respond to requests for your private info by email, text message or phone call.
Always protect your personal and financial info, including your:
- Usernames and passwords, including password changes
- National insurance number or government identification numbers
- Bank account numbers
- PINs (Personal Identification Numbers)
- Credit card numbers
- Other private information, such as your mother's maiden name
3. Don't enter your password after clicking on a link in a message
If you're signed in to an account, emails from Google won't ask you to enter the password for that account.
If you click on a link and are asked to enter the password for your Gmail, Google Account or another service, don't enter your information. Instead, go directly to the website that you want to use.If you think that a security email that looks as though it's from Google might be fake, go directly to myaccount.google.com/notifications. On that page, you can check your Google Account's recent security activity.
4. Beware of messages that sound urgent or too good to be true
Scammers use emotion to try to get you to act without thinking.
Beware of urgent-sounding messages
For example, beware of urgent-sounding messages that appear to come from:
- People you trust, such as a friend, family member or person from work. Scammers often use social media and publicly available information to make their messages more realistic and convincing. To find out if the message is authentic, contact your friend, family member or colleague directly. Use the contact info you normally use to communicate with them.
- Authority figures, such as tax collectors, banks, law enforcement or health officials. Scammers often pose as authority figures to request payment or sensitive personal information. To find out if the message is authentic, contact the relevant authority directly.
Tip: Beware of scams related to COVID-19, which are increasingly common. Learn more about tips to avoid COVID-19 scams.
Beware of messages that seem too good to be true
Beware of messages or requests that seem too good to be true. For example, don't be scammed by:
- Get-rich-quick scams. Never send money or personal information to strangers.
- Romance scams. Never send money or personal info to someone you met online.
- Prize winner scams. Never send money or personal info to someone who claims you won a prize or competition.
5. Stop and think before you click
Use tools to help protect against phishing
1. Use Gmail to help you identify phishing emails
Gmail is designed to help protect your account by identifying phishing emails automatically. Look out for warnings about potentially harmful emails and attachments.
Note: Gmail won't ever ask you for personal information, such as your password, by email.
When you get an email that looks suspicious, here are a few things to check for:
- Check that the email address and sender name match.
- Check whether the email is authenticated.
- See if the email address and sender name match.
- On a computer, you can hover over any links before you click on them. If the URL of the link doesn't match the description of the link, it might be leading you to a phishing site.
- Check the message headers to make sure that the 'from' header isn't showing an incorrect name.
2. Use Safe Browsing in Chrome
To get alerts about malware, risky extensions, phishing or sites on Google's list of potentially unsafe sites, use Safe Browsing in Chrome.
In your Safe Browsing settings, choose Enhanced protection for additional protections and to help improve Safe Browsing and overall web security.You can download Chrome at no charge.
3. Check for unsafe saved passwords
4. Help protect your Google Account password
5. Learn about 2-Step Verification
Report phishing emails
When we identify that an email may be phishing or suspicious, we may show a warning or move the email to your Spam folder. If an email wasn't marked correctly, follow the steps below to mark or unmark it as phishing.
Important: When you manually move an email into your Spam folder, Google receives a copy of the email and any attachments. Google may analyse these emails and attachments to help protect our users from spam and abuse.