Avoid & report phishing attacks
A phishing attack happens when someone tries to trick you into sharing personal information online.
How phishing works
Phishing is typically done through email, ads, or by sites that look similar to sites you already use. For example, you might get an email that looks like it’s from your bank asking you to confirm your bank account number.
Information phishing sites may ask for
- Usernames and passwords
- Social Security numbers
- Bank account numbers
- PINs (Personal Identification Numbers)
- Credit card numbers
- Your mother’s maiden name
- Your birthday
Report phishing sitesReport phishing sites you found through Google Search
If you think you found a phishing site, reporting the phishing page.
If you think a site is using the Google trademark or logo inappropriately, report the trademark violation. For example, you might find a non-Google site with a Google or Gmail logo on the page.
If a phishing site showed up as a sponsored link on your search results page, report the site by contacting AdWords.
Learn how to avoid and report Google scams.
Learn how to file a government complaint about a suspicious site.
Avoid phishing attacks
Be careful anytime you receive a message from a site asking for personal information. If you get this type of message, don’t provide the information requested without confirming that the site is legitimate. If possible, open the site in another window instead of clicking the link in your email.
Google will never send unsolicited messages asking for your password or other personal information.
More ways to protect yourself from phishing
Kaley is on the Search support team and author of this help page. Please leave her suggestions below on how to improve this article.