Avoid and report phishing attacks

A phishing attack is a type of online fraud where someone tries to trick you into sharing personal information. Phishing is typically done through email, ads, or by sites that look similar to sites you already use. For example, someone may send you an email that looks like it’s from your bank which asks you to confirm your bank account number.

Information phishing sites may ask for

  • Usernames and passwords
  • Social Security numbers
  • Bank account numbers
  • PINs (Personal Identification Numbers)
  • Credit card numbers
  • Your mother’s maiden name
  • Your birthday

Report phishing sites

Report phishing sites you found through Google Search

If you think you found a phishing site, let us know.

Report sites that use the Google trademark

If you think a site is using the Google trademark or logo inappropriately, let us know. For example, you may find a non-Google site with Google or Gmail’s logo on the page.

Report a phishing site that showed up in your Google Search ads

If a phishing site showed up as a sponsored link above or to the right of your search results page, report the site by contacting AdWords.

Report a site or email address that pretended to be Google File a government complaint against a phishing site

Avoid phishing attacks

Be careful anytime you receive a message from a site asking for personal information. If you get this type of message, don’t provide the information requested without confirming that the site is legitimate. If possible, open the site in another window instead of clicking the link in your email.

Google will never send unsolicited messages asking for your password or other personal information.

More ways to protect yourself from phishing