By Bruce Sussman
Fri | Nov 30, 2018 | 10:21 AM PST

How can you tell if a message from "Google" requesting information is really from Google, Google Security, Google AdSense, Google AdWords, or other Google services?

These days, phishing emails look so real it is hard to tell if what we see in our inbox is authentic or not. And there are scammers around the globe trying to get you to enter your personal information so they can take advantage of it. 

Fake Google email example

This topic came up when two of my SecureWorld colleagues received this email yesterday, allegedly from "Google Ads," in their Gmail accounts:

At first glance, this seems like great news. Google is going to send you money!

All you have to do is click the link and provide your bank account information and Google will issue your refund of $16.41. 

And that's the first red flag that tells you this is a fake Google email sent by hackers. It's asking you to click a link and enter your private data.

Hackers are using these emails to "phish" you, hoping you will take the bait and reveal information they can use, sell, or trade for a profit.

Beware of urgent emails from Google, Google Security, or Gmail Security

And maybe you've received a fake warning in your Gmail account similar to what William L. posted about on a recent Google/Gmail help forum:

"I keep receiving emails that get placed into my spam folder. These emails are marked as SECURITY ALERTS from addresses with the GOOGLE logo, claiming that I am sending emails from my account, and that ACCESS to my account will be suspended in 24 hrs if I don't respond."

Beware of urgent emails of all types that ask you to take immediate action. This is a favorite of hackers, who want you to react fast before you have time to consider if it's a scam.

Things Google will never ask for in an email

Fortunately, fake emails can sometimes be easy to spot when you consider that Google promises to never ask for any of the following details in an email:

  • Usernames and passwords, including password changes
  • Social Security numbers
  • Bank account numbers
  • PINs (Personal Identification Numbers)
  • Credit card numbers
  • Your mother’s maiden name
  • Your birthday

New Google tips on spotting fake emails 

And Google has updated tips for us on how to know if a Google email is for real. Here are the tips, straight from Google:

  • "Google will never send an unsolicited message asking you to provide your password or other sensitive information by email or through a link. If you're asked to share sensitive information, it's probably an attempt to steal your information."
  • Check if it's actually Google trying to reach you: "If Google sends you an email, the 'From' address should contain '@google.com,' and the 'Return-Path' should also contain '@google.com.'" But watch for addresses that are one letter off. At a glance, you might mistake Goggle for Google, or something like that.

  • Check where a Google email's links are pointing: Hover over a link and let the web address pop up. Says Google: "If the URL is taking you somewhere other than a page on 'google.com,' this URL might be taking you to a non-Google webpage."
  • If someone calls claiming to be from Google, ask them to send you an email from a Google address, and ask them to tell you things only Google would know (such as names of your ad campaigns or click numbers if you have an Ads related account).
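The From, Return-Path, and link checks from the tips above can be automated. The script below is an added example, not code from Google or from the original article. It requires the domain to be exactly google.com or a subdomain of it (stricter than "contains"), flags domains one letter off, and runs on a constructed sample message with a single plain-text body; the function names and sample addresses are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = "google.com"

# Constructed sample message (not a real capture); example.net is a reserved domain.
SAMPLE = """\
From: Google Ads <ads-noreply@goggle.com>
Return-Path: <bounce@mailer.example.net>
Subject: Your refund of $16.41
Content-Type: text/plain

Confirm your bank details: http://google.com.refunds.example.net/claim
Help center: https://support.google.com/
"""

def one_edit_away(a, b):
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]   # one substituted character
    return a[i:] == b[i + 1:]           # one extra character in b

def check_host(host):
    """Classify a host as 'ok', 'lookalike' (one letter off) or 'not-google'."""
    host = host.lower().rstrip(".")
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "ok"
    base = ".".join(host.split(".")[-2:])   # last two labels, e.g. goggle.com
    return "lookalike" if one_edit_away(base, TRUSTED) else "not-google"

def check_message(raw):
    """Check the From and Return-Path domains and every link host in the body."""
    msg = message_from_string(raw)
    findings = {}
    for header in ("From", "Return-Path"):
        addr = parseaddr(msg.get(header, ""))[1]
        findings[header] = check_host(addr.rpartition("@")[2])
    urls = re.findall(r"https?://[^\s\"'<>]+", msg.get_payload())
    findings["links"] = {h: check_host(h) for h in {urlparse(u).hostname or "" for u in urls}}
    return findings
```

The sample link starts with "google.com" but its real host ends in example.net, which is why the comparison is made on the end of the hostname rather than on a substring. A passing From header is not proof on its own, since that header can be forged.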

How to report a Google phishing email

Google would like you to tell them about Google-related phishing emails and calls.

Google says to do the following:

  1. On a computer, go to Gmail 
  2. Open the message
  3. Next to Reply, click More.
    Note: If you're using classic Gmail, click the Down arrow.
  4. Click Report phishing

Hopefully, these tips will help you, your family, and your devices stay secure in this digital age we are living in.
