Avoid phishing messages

Learn how to spot fraudulent online orders, and then the next steps to help protect your account on our app.

What is phishing

Phishing is an attempt to steal personal information or break into online accounts using deceptive emails, messages, ads, or websites that resemble those you already use. For example, a phishing email may appear to come from your bank or our app requesting information about your bank account or private information.

Phishing messages or content may lead to:

• Request your personal or financial information.
• Ask you to click on the links or download the software.
• Impersonating a reputable organization, such as your bank, social media site, or workplace.
• Impersonating someone you know, such as a family member, friend, or co-worker.
• It looks like a message from an organization or person you trust.
• Avoid phishing messages and content.

To help you avoid fraudulent messages and requests, follow these tips.

1. Pay attention to warnings from Google in your email:

Google uses advanced security to warn you about dangerous messages, unsafe content, or fraudulent websites. If you receive a warning, avoid clicking links, downloading attachments, or entering personal information. Even if you do not receive a warning, do not click on links, download files, or enter personal information in emails, messages, web pages, or pop-ups from untrustworthy or unknown providers.

2. Never respond to requests for private information:

Do not respond to requests for your private information via email, text messages, or phone calls.

Always protect your personal and financial information, including:

Usernames and passwords, including password changes

Social Security numbers or government identification numbers

Bank account numbers

PINs (Personal Identification Numbers)

Credit card numbers

birthday

Other private information, such as the name of a childhood friend

Tip: Don't give out contact information, such as your email address or phone number, to a website unless you're sure it's reliable. Do not post your contact information in public forums.

3. Do not enter your password after clicking on the link in the message:

If you're signed in to an account, emails from Google won't ask you to enter the password for that account.

If you click a link and are asked to enter your password for your Gmail, Google Account, or other service, don't enter your information, go directly to the website you want to use.

4. Beware of messages that seem too urgent or too good to be true:

Scammers use emotion to try to get you to act without thinking.

Beware of messages that appear urgent

For example, be wary of urgent-looking messages that appear to come from:

People you trust, such as a friend, family member, or someone from work. Scammers often use social media and publicly available information to make their messages more realistic and convincing. To find out if the message is real, contact your friend, family member, or colleague directly. Use the contact information you normally use to contact them.

Authority figures, such as tax collectors, banks, law enforcement, or health officials. Scammers often pose as authority figures to request payment or sensitive personal information. To find out whether the message is real, contact the relevant authority directly.

5. Stop and think before you click:

Scammers often attempt to deliver unsolicited software in links via email, social media posts or messages, and text messages. Never click on links from strangers or untrustworthy sources.

 6. Use Gmail to help you identify phishing emails:

Gmail is designed to help protect your account by automatically recognizing phishing emails. Look for warnings about potentially malicious emails and attachments.

When you receive an email that looks suspicious, here are some things to check:

Make sure the email address and sender name match.

Check if the email is authenticated.

See if the email address and sender name match.

On a computer, you can hover over any links before clicking on them. If the link URL does not match the link description, it will likely lead you to a phishing site.

Check message headers to make sure the from header does not display an incorrect name.

You must be careful to preserve your personal data, such as your email, password, and any other information related to you that may be used against you at any time to defraud you.