Avoid and report phishing emails

Learn how to spot deceptive requests online and take recommended steps to help protect your Gmail and Google Account.

What phishing is

Phishing is an attempt to steal personal information or break in to online accounts using deceptive emails, messages, ads, or sites that look similar to sites you already use. For example, a phishing email might look like it's from your bank and request private information about your bank account.

Phishing messages or content may:

Ask for your personal or financial information.
Ask you to click links or download software.
Impersonate a reputable organization, like your bank, a social media site you use, or your workplace.
Impersonate someone you know, like a family member, friend, or coworker.
Look exactly like a message from an organization or person you trust.

Avoid phishing messages & content

To help you avoid deceptive messages and requests, follow these tips.

1. Pay attention to warnings from Google

2. Never respond to requests for private info

3. Don’t enter your password after clicking a link in a message

4. Beware of messages that sound urgent or too good to be true

5. Stop & think before you click

Use tools to help protect against phishing

1. Use Gmail to help you identify phishing emails

2. Use Safe Browsing in Chrome

3. Check for unsafe saved passwords

4. Help protect your Google Account password

5. Learn about 2-Step Verification

Report phishing emails

When we identify that an email may be phishing or suspicious, we might show a warning or move the email to Spam. If an email wasn't marked correctly, follow the steps below to mark or unmark it as phishing.

Important: When you manually move an email into your Spam folder, Google receives a copy of the email and any attachments. Google may analyze these emails and attachments to help protect our users from spam and abuse.