
Preventing Phishing Gmail Messages

written by: Donna Buenaventura • edited by: Aaron R. • updated: 7/30/2010

Phishing e-mails also reach users of Google's popular, free Gmail e-mail service. Senders of phished or spoofed e-mail try to trick people so that they can steal their money and identity. You need to delete all phishing Gmail e-mails and verify the sender of Gmail messages.


    Phishing in Free Gmail E-mail Service

    No online service is safe from phishers, including Gmail. Gmail's web-based e-mail service may receive phishing e-mails, or be used to send them if the bad guy can spoof Gmail e-mail addresses. Learn how to identify phishing Gmail messages when you log in to Gmail's website or when retrieving messages using an e-mail program.


    Phishing Gmail Messages

    A phished or spoofed Google or Gmail e-mail message has only one purpose: stealing your personal or financial information. The sender will ask you to provide your login credentials, password or other personal information such as your social security number, mother’s maiden name, birthday, PIN code or birth location. When they have the information they need, the attacker will try to log in as you and steal your money or identity.

    Image Credit: Graham Cluley Blog at Sophos

    Below is an example of a phishing Gmail message:

    From: Gmail Security Team

    Subject: Secure Your Gmail Account

    We have initiated verification on your email address.

    Verifying your email address ensures that you can securely retrieve your account information if your password is lost or stolen. You must verify your email address before you can use it on Gmail services that require an email address.

    To complete verification, click on the link below:


    For your security, please keep your email address information up-to-date.

    Thank You

    Gmail Team

    © 2010 Google. All Rights Reserved

    The e-mail is not from Google or the Gmail Security Team but from phishers. According to Graham Cluley of Sophos, the link displays a fake Gmail login webpage.


    Hacked Gmail Accounts

    Some legitimate Gmail accounts were hacked a few months ago. The hacker uses these hacked Gmail accounts to send e-mails to the victim's contacts found in the address book. You will find the report in the Gmail support forums.

    You should regularly change your password. If you receive a spam e-mail sent from a friend's or contact's e-mail address, immediately tell them about the incident and suggest that they change their password.


    How to Prevent Becoming a Victim of Phishing on Gmail?

    You must not click any links in unknown messages, and you should never respond to phishing e-mails. Gmail Support or the Security Team will never ask for your password, social security number or credit card information. You should immediately delete the message or report it to Google. To report a phishing Gmail message: open the message > click the down arrow next to Reply > select Report Phishing.


    Does Google Authenticate the Senders of Gmail E-mail?

    Yes, Google will authenticate e-mails sent by Gmail account users. Gmail has added a security feature to its service by authenticating the sender of a Gmail account. On the Gmail website, open an e-mail from someone in your contact list, then click "show details" to display the header.

    If the e-mail message’s header has been authenticated (signed and mailed by), you will see this:

    [Image: Mailed and signed Gmail message]

    If you are retrieving your Gmail e-mails using Outlook, Thunderbird, Outlook Express, Windows Mail or another e-mail program, you should check the ‘spf’ and ‘dkim’ with pass:

    [Image: Gmail in Outlook: SPF and DKIM Pass]

    SPF stands for Sender Policy Framework and DKIM stands for DomainKeys Identified Mail. You can read about it in and
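The header check described above, as an added example that is not part of the original article: it reads the `spf` and `dkim` results from a message's `Authentication-Results` header, trusting only the header written by the receiving server, and goes one step beyond the article by requiring that the DKIM signing domain match the From address. The sample message, the function names and the use of `mx.google.com` as the receiving server's identifier are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real capture. The second Authentication-Results
# header imitates one the sender inserted; the receiving server's is on top.
SAMPLE = """\
Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of alice@gmail.com designates 192.0.2.10 as
 permitted sender) smtp.mailfrom=alice@gmail.com;
 dkim=pass header.i=@gmail.com
Authentication-Results: mail.example.net; spf=pass; dkim=pass
From: Alice <alice@gmail.com>
Subject: Lunch?

See you at noon.
"""

def auth_results(raw, trusted_id="mx.google.com"):
    """Read spf/dkim verdicts from the header written by trusted_id only."""
    out = {"spf": "none", "dkim": "none", "dkim_domain": None}
    msg = message_from_string(raw)
    for value in msg.get_all("Authentication-Results", []):
        value = " ".join(value.split())            # unfold continuation lines
        server, _, rest = value.partition(";")
        if not server.split() or server.split()[0].lower() != trusted_id:
            continue                               # written by another server
        rest = re.sub(r"\([^)]*\)", "", rest)      # strip (comments)
        out.update(re.findall(r"\b(spf|dkim)=(\w+)", rest))
        signer = re.search(r"header\.(?:i=[^@\s;]*@|d=)([\w.-]+)", rest)
        if signer:
            out["dkim_domain"] = signer.group(1).lower()
        break
    return out

def looks_authenticated(raw, trusted_id="mx.google.com"):
    """True if SPF and DKIM both passed and the DKIM signer is the From domain."""
    res = auth_results(raw, trusted_id)
    sender = parseaddr(message_from_string(raw).get("From", ""))[1]
    from_domain = sender.rpartition("@")[2].lower()
    return (res["spf"] == "pass" and res["dkim"] == "pass"
            and res["dkim_domain"] == from_domain)

if __name__ == "__main__":
    print(auth_results(SAMPLE), looks_authenticated(SAMPLE))
```

A `pass` result only says the message was authorized by the domain that sent it, so a message that passes for an unrelated domain while showing a Gmail address in From is still rejected by `looks_authenticated`.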