Gmail Protects You From Phishing

Article by YvetteDavis, published Oct 27, 2009

Phishing is the fraudulent attempt to obtain private account information for the purpose of stealing from you. It's a common practice throughout the Internet. All Google services have safeguard measures to help protect you from phishing. Learn how Gmail protects you, and how you protect yourself.

"Phishing" For Your Private Information

Phishing attacks are becoming more and more common on the Internet. Phishing involves fooling someone with an email--tricking them into giving away sensitive information, like a Social Security Number, bank account number, or email account password. Some attacks are simple to spot, while others require careful inspection of the header information in the email. Phishing attacks are the first step to identity theft.
Gmail actually has three levels of defense against phishing attacks.

Level 1: DomainKeys

DomainKeys is a technology developed by Yahoo and licensed by Google that validates emails from eBay and PayPal. Since these two email domains are the ones most commonly chosen by phishing attackers, filtering out forged messages that claim to come from them will stop a large portion of phishing attacks. The system checks the source information, and if it doesn't match the email, then the message never arrives--not even in the spam folder.

Level 2: Phishing Alert

Before DomainKeys was added, Gmail already had an anti-phishing feature built in. If Gmail discovers that an email has mismatched URL links, it will flag the email as a potential phishing attack and will display a red alert banner across the top of the email. It will also disable the URL links in the email. Any email that opens with that bright red banner should probably be deleted.

Level 3: The Ball is in Your Court

The most important defense against phishing attacks, though, is the reader of the email. Very few companies will request private information through email, especially through an unsolicited email.
If you're not sure that an email is a phishing attack, then visit the site directly--without clicking on any of the links in the suspect email--and check on it. For example, if the email says "Your account has been locked until you click here," then open a fresh browser window, go directly to the account, and see if it works.
Google says, "One thing to be sure of: Google or Gmail will never ask you to provide this information in an email; if the message asking for it claims to be from us, don't believe it."