Malware, phishing & spoofing

Use Anti-malware Software

Malware is software that accesses your personal information or performs other unwanted commands on your computer. To learn more about malware prevention and detection, please visit our Security Center.

Avoid Being Phished

Phishing is a message or website that tries to trick you into revealing personal information by appearing to be from a legitimate source, such as a bank (or Google!). If you receive a suspicious message, do not provide the information requested. Messages or websites phishing for information might ask you to enter:

  • Usernames and passwords
  • Social Security numbers
  • Bank account numbers
  • PINs (Personal Identification Numbers)
  • Full credit card numbers

Legitimate messages sent by Google may ask you to click a link to verify your email address. If we're unable to verify the information in your Google Wallet account, we'll request additional documentation from you by sending an email from or This email will ask you to sign in to your Google Wallet account and submit documents that verify your billing details. Google won't ask you to provide this sort of information until you've successfully signed in to your account.

Report Phishing

If you're concerned about the legitimacy of an email sent by Google, please report the suspicious message. On the form, you'll be asked, "Did the message appear to be from someone impersonating Google?" Be sure to click "Yes."

If you're a Gmail user, you can report a message as phishing with the link provided in the message header. Learn more.

Security when sending and receiving money with Google Wallet and Gmail

All Google Wallet transactions, including those sent to a non-Gmail address, are monitored 24/7 for fraudulent or unauthorized activity and covered by Google Wallet Purchase Protection.

If you've never received money from someone through Wallet before, you'll receive an email the first time friends or family send you money. It will tell you how to verify your identity in order to claim your money. Please keep in mind that this is a one-time process, and your Google Wallet will be set up to automatically receive money into your Wallet Balance once you've verified your identity and successfully claimed money for the first time. Once this happens you shouldn't receive this message again, you'll only get an email receipt.

To verify if the email with money attached is legitimate, you can check the following:

  • Clicking on Claim money takes you to
  • If this is not your first time claiming money, you should not receive an email asking you to take further action. The money should be automatically credited into your Wallet Balance. Log in to Google Wallet at and check to see if the transaction amount is a line item in your account.

You can also contact the sender to double check that that he or she sent you the money. If you receive a suspicious email that looks like it's from Google, you can report it here.

Google takes your online security very seriously. Any financial information stored in Google Wallet is safely encrypted on secure servers in a secure location. All transactions are monitored 24/7 for fraudulent or unauthorized activity. If fraud is detected on your account, transactions will be slowed or stopped to assure the security of your account.

Recognize Spoofing

Spoofing is falsifying the 'from' address of an email by displaying a false sender. To find the true sender of an email in Gmail, click the drop-down next to the time stamp labeled 'reply', and select 'show original'. The 'reply-to' address and the 'from' address should match. The message-id should also match the 'from' address domain. If you don't use Gmail, please consult your email host for details on how to verify the sender.

Make sure you know where a message originated from before you communicate with the sender, download attachments, or click on links.

If you receive a message spoofing Google, please report the suspicious email. Remember to select 'Yes' when answering the question 'Did the message appear to be from someone impersonating Google?'