Identify "phishing" and "spoofing" emails

Phishing emails try to trick you into revealing personal information. They look like they're from a legitimate source, such as your bank or Google, but they're not. Spoofing is specifically faking the "From" address in an email to make it look like it's from someone you know.

How to spot fake messages

Never send personal information over email unless you're absolutely sure who you're sending it to. Messages or websites phishing for information might ask you to enter:

  • Usernames and passwords
  • Social Security numbers
  • Bank account numbers
  • PINs (Personal Identification Numbers)
  • Full credit card numbers

Real messages from Google might ask you to click a link to verify your email address, but you won't need to enter any information. If we can't verify your Google Wallet information, we might send you an email from or, and ask you to sign in to your Wallet and send certain documents that verify your billing details. Google won't ask you for any information until you've signed in at

Find the real sender of an email in Gmail

  1. Click the drop-down next to the "Reply" button and click Show original.
  2. Make sure the "From" address and the "Reply-to" address match.
  3. Check that the address on the "Message-id" also matches the "From" address domain.

If you don't use Gmail, ask your email host for details on how to verify a sender.

What to do with suspicious emails

If you receive a suspicious email, do not provide the information it asks for. Make sure you know where a message came from before you reply to the sender, download attachments, or click on links. If the message claims to be from Google, report the email.

How helpful is this article:

Feedback recorded. Thanks!
  • Not at all helpful
  • Not very helpful
  • Somewhat helpful
  • Very helpful
  • Extremely helpful