Help Center
What should I do about a message that asks for personal information?
Spam comes in a variety of forms, including fraudulent messages. This mass-messaging is called
'spoofing' or 'password phishing.'
Such fraudulent practices involve messages that appear to be from a legitimate source, or the creation of an official-looking webpage that asks you to provide your username and password or other personal information. Such messages or pages could ask for your Social Security number, bank account number, PIN number, credit card number, mother's maiden name, or birthday.
Spammers often ask for this information in an attempt to steal your Gmail account, your money, your credit, or your identity.
Google is currently testing a service designed to alert Gmail users to messages that appear to be phishing attacks. When the Gmail Team becomes aware of such an attack, the details of these messages are used to automatically identify future suspected phishing attacks.
The result: when a Gmail user opens a suspected phishing message, Gmail displays a warning.
Gmail's phishing alerts operate automatically, much like spam filtering. Gmail's spam filters automatically divert messages that are suspected of being unwanted messages into 'Spam'. Similarly, Gmail's phishing alerts automatically display warnings with messages that are suspected of being phishing attacks so that users know to take care before providing any personal information.
You should always be wary of any message that asks for your personal information, or messages that refer you to a webpage asking for personal information. If you receive this type of message, especially from a source claiming to be Google or Gmail, please do not provide the information requested.
Here's what you can do to protect yourself and stop fraudsters:
Make sure the URL domain on the given page is correct, and click on any images and links to verify that you are directed to proper pages within the site. For example, the Gmail URL is http://mail.google.com/ or, for even more security, https://mail.google.com/. Although some links may appear to contain 'gmail.com,' you may be redirected to another site after entering such addresses into your browser.
Always look for the closed lock icon in the status bar at the bottom of your browser window whenever you enter any private information, including your password.
Check the message headers. The 'From:' field is easily manipulated to show a false sender name. Learn how to view headers.
If you're still uncertain, contact the organization from which the message appears to be sent. Don't use the reply address in the message, since it can be forged. Instead, visit the official website of the company in question, and find a different contact address.
If you enter your account or personal information as the result of a spoof or phishing message, take action quickly. Send a copy of the message header and the entire text of the message to the Federal Trade Commission at spam@uce.gov. If you entered credit card or bank account numbers, contact your financial institution. If you think you may be the victim of identity theft, contact your local police.
Gmail doesn't send unsolicited mass messages asking for passwords or personal information. If you think your Gmail account has been compromised, contact us at mail-abuse@google.com. Please include the header of the suspicious message and the entire message text.
* If our system flags a message as phishing, but you've validated the source from which the message originated, click 'Report Not Phishing' to let us know the message is legitimate. And if you receive a message that our phishing detection system doesn't pick up on, click 'Report Phishing' to send a copy of the message to the Gmail Team.
updated 8/15/2007
Was this information helpful?
Yes No Contact Us
Such fraudulent practices involve messages that appear to be from a legitimate source, or the creation of an official-looking webpage that asks you to provide your username and password or other personal information. Such messages or pages could ask for your Social Security number, bank account number, PIN number, credit card number, mother's maiden name, or birthday.
Spammers often ask for this information in an attempt to steal your Gmail account, your money, your credit, or your identity.
Google is currently testing a service designed to alert Gmail users to messages that appear to be phishing attacks. When the Gmail Team becomes aware of such an attack, the details of these messages are used to automatically identify future suspected phishing attacks.
The result: when a Gmail user opens a suspected phishing message, Gmail displays a warning.
Gmail's phishing alerts operate automatically, much like spam filtering. Gmail's spam filters automatically divert messages that are suspected of being unwanted messages into 'Spam'. Similarly, Gmail's phishing alerts automatically display warnings with messages that are suspected of being phishing attacks so that users know to take care before providing any personal information.
You should always be wary of any message that asks for your personal information, or messages that refer you to a webpage asking for personal information. If you receive this type of message, especially from a source claiming to be Google or Gmail, please do not provide the information requested.
Here's what you can do to protect yourself and stop fraudsters:
Make sure the URL domain on the given page is correct, and click on any images and links to verify that you are directed to proper pages within the site. For example, the Gmail URL is http://mail.google.com/ or, for even more security, https://mail.google.com/. Although some links may appear to contain 'gmail.com,' you may be redirected to another site after entering such addresses into your browser.
Always look for the closed lock icon in the status bar at the bottom of your browser window whenever you enter any private information, including your password.
Check the message headers. The 'From:' field is easily manipulated to show a false sender name. Learn how to view headers.
If you're still uncertain, contact the organization from which the message appears to be sent. Don't use the reply address in the message, since it can be forged. Instead, visit the official website of the company in question, and find a different contact address.
If you enter your account or personal information as the result of a spoof or phishing message, take action quickly. Send a copy of the message header and the entire text of the message to the Federal Trade Commission at spam@uce.gov. If you entered credit card or bank account numbers, contact your financial institution. If you think you may be the victim of identity theft, contact your local police.
Gmail doesn't send unsolicited mass messages asking for passwords or personal information. If you think your Gmail account has been compromised, contact us at mail-abuse@google.com. Please include the header of the suspicious message and the entire message text.
* If our system flags a message as phishing, but you've validated the source from which the message originated, click 'Report Not Phishing' to let us know the message is legitimate. And if you receive a message that our phishing detection system doesn't pick up on, click 'Report Phishing' to send a copy of the message to the Gmail Team.
updated 8/15/2007
Was this information helpful?
Yes No Contact Us