Identify "phishing" and "spoofing" emails

Phishing emails try to trick you into revealing personal information. They look like they're from a legitimate source, such as your bank or Google, but they're not. Spoofing is specifically faking the "From" address in an email to make it look like it's from someone you know.

How to spot fake messages

Never send personal information over email unless you're absolutely sure who you're sending it to. Messages or websites phishing for information might ask you to enter:

  • Usernames and passwords
  • Social Security numbers
  • Bank account numbers
  • PINs (Personal Identification Numbers)
  • Full credit card numbers

Real messages from Google might ask you to click a link to verify your email address, but you won't need to enter any information.

If we can't verify your Google Wallet information, we might send you an email from,, or, and ask you to sign in and send certain documents that verify your billing details. We won't ask you for any information until you've signed in to your Google account.

Find the real sender of an email in Gmail

  1. Click the drop-down next to the "Reply" button and click Show original.
  2. Make sure the "From" address and the "Reply-to" address match.
  3. Check that the address on the "Message-id" also matches the "From" address domain.
  4. If you don't use Gmail, ask your email host for details on how to verify a sender.

What to do with suspicious emails

If you receive a suspicious email, do not provide the information it asks for. Make sure you know where a message came from before you reply to the sender, download attachments, or click on links. If the message claims to be from Google, report the email.

PC is a Wallet expert and author of this help page. Help her improve this article by leaving feedback below.

Was this article helpful?