How to spot scams, and what to do if you encounter one

Scams are on the rise, and the use of advanced technology by bad actors is making it easier than ever for fraudsters to trick people with phony emails, texts and phone calls. In the U.S., more than 21 million people fell victim to fraud last year, and 42% now say they’ve lost money to scams or had sensitive information obtained and used fraudulently. We’re committed to protecting people from scams and ensuring you’re safer with Google.

We have a long history of automatically protecting you from scams, including leveraging AI to block over 99.9% of phishing emails in Gmail and stop spam calls. But one of the best lines of defense for stopping scams is knowing what to look for as one-third of online users reported lacking the knowledge to identify scams.

So, building on our tips and tools for avoiding ad scams online, we’re sharing our top tips for spotting email, phone, text and web scams, and what to do if you encounter one.

Tips for spotting email scams

The easiest way to avoid email scams is to leverage protections built into Gmail, but whatever platform you use, here are some things to look for when you receive an email:

1. Be wary of emails from strangers. Be careful about opening emails from people you don’t know and be extra attentive if someone is asking you for personal information.
2. Think twice about urgent requests. Do not engage with emails from strangers urgently asking you to share personal information, especially things like bank account details, home addresses, or a credit card number.
3. Verify the sender’s email address. Even if an email looks like it’s from a trusted contact — like your bank — hovering over the sender’s email address will reveal the actual source. In many scams, the sender’s email preview might be different than the actual address. For example, the preview might say “Your bank” and when you hover over the address it actually says “yourbank1@y0urbank.com.”
4. Check for lookalike domains. Bad actors often use similar-seeming domains to trick people. For example, instead of the domain @thisisgoodlink.com a bad actor may use “@thisisagoodlink.support”.
5. Hover before you click a link. If you have any doubt about an email being from a trusted source, don’t click on links in the body. Either type the website address directly into the url bar yourself, or hover your cursor over the link to ensure the url does not link to a malicious site.
6. Grammar matters. While AI is making it easier for scammers to produce polished communications, many scam emails still contain clues like misspellings, poor grammar, or mismatched fonts. If you see these things in an email, think twice about opening it or clicking on any links in it.
7. Ignore password resets you didn’t submit. Many password reset requests are attempts by bad actors to get you to engage and inadvertently allow access to your account. If you didn’t request a password reset, just delete the email.

Tips for spotting phone and text scams

More people are receiving phone calls and unsolicited text messages asking for their personal information. Always remember: Google will never call you about your account.

1. Ask a lot of questions. Scammers rely on tricking you with misinformation, so ask a lot of questions to verify the details they have about you and don’t offer any information back. Often, scammers will get frustrated and it will become apparent they’re not who they say they are.
2. Don’t click on links sent through texts. Links sent through texts are a popular way scammers try to trick you. Do not click on links in texts, especially from people you don’t know. Never download apps sent to you through text messages from unknown sources.
3. Don’t share temporary credentials. Two-factor verification is designed to keep you safer, so temporary passwords, links or passcodes should never be shared. No legitimate business will ever ask for you to share your two-factor verification information.
4. Avoid urgent requests from callers. Like emails, be wary of urgent callers requesting sensitive information over the phone, especially as it relates to money or personal information. On the Android Phone app, you can mark all calls from a number as spam to stop getting more calls from them and to report the spammer.
5. Listen to the warnings from built-in protections. Security features in Google Messages and Phone by Google are there to help warn you when something seems suspicious, sending you a notification to caution when a message sent to your phone that could be used to steal your personal information.

Remember this rule: Nobody who should have your sensitive information will ever call and ask for it.

Tips for avoiding scams while searching the web

To keep you safe on Search, we have strict policies and advanced spam-fighting systems that keep Search 99% spam free and help combat scammers' attempts to deceive people. With ads, we use AI to protect users from fraud and to detect cyber criminals and scammers. Here are 5 additional tips for staying safe:

1. If in doubt, learn more about the ad and who made it. From any ad you see on Google, you can visit My Ad Center to get information about an advertiser and learn whether or not they have been verified, and our Ads Transparency Center shows all ads verified and published through Google.
2. Check URLs before clicking on unfamiliar links. As with email and text links, hover over a suspicious ad URL before clicking on it to ensure its not malicious.
3. Gather insights about the webpage, store or business. One way to get more information about an online source is with About this result (the three dots next to a search result), which lets you learn more about sources like an online store before clicking into its page.
4. Use simple search terms and be wary of unusual formatting. Our Search systems are designed to surface high quality, reliable information. When it comes to something like a customer service number, there's really only one "official" source of that information. Not all businesses have customer service numbers, so if you can't find one on their website, be mindful before you go digging to find one from another site or service. Beware of strange formatting, unusual fonts, or unexpected symbols or emojis, which could indicate a spoof site.
5. If you’re a business, highlight your customer support directly on Search. We want to make it easy for customers to reach legitimate businesses for customer support, and we encourage businesses to follow these steps to ensure their official information is accessible on Search.

Steps to take if you’ve been scammed

You can get ahead of several financial threats by using digital payments in Google Wallet, which helps protect your payment information and privacy. You can also use virtual card numbers when shopping online, which add an extra layer of security and helps protect you from potential fraud.

However, if your information has been fraudulently obtained or if you’ve been scammed — here are some steps you can take.

1. Change your passwords and ensure the scammers haven’t altered your account information.
2. Contact your banks and linked accounts to halt any further fraudulent activity and access.
3. Increase your security and enable: 2-Step Verification (2SV), passkey, password manager, Gmail spam protections and notifications, Safe Browsing's Enhanced Protection mode in Chrome and use Sign in with Google to make sure you’re better protected across all of your online accounts.
4. Report the crime to your local authorities and to government agencies like the FBI.

Test your scam spotting knowledge

You can test your scam spotting knowledge with Jigsaw’s new Phishing Quiz and learn more about avoiding and reporting scams on our help page.

Please also visit safety.google to learn more about the built-in protections that keep more people safe online than anyone else in the world.