Tips and tools to help you stay safer online
In addition to the automatic protections built into our products, here are some additional tips to help you avoid online scams and safely sign in to your apps and devices.
Online scams and phishing attempts are designed to trick unsuspecting users into revealing personal or financial information — and they are on the rise. One of the best lines of defense is knowing what to look for.
Spotting email scams
The easiest way to avoid email scams is to leverage protections built into Gmail, but whatever platform you use, here are some things to look for when you receive an email.
1. Be wary of emails from strangers
2. Think twice about urgent requests
3. Verify the sender’s email address
4. Check for look-alike domains
5. Hover before you click the link
6. Ignore password resets you didn’t submit
Spotting phone and text scams
More people are receiving phone calls and unsolicited text messages asking for their personal information. Always remember: Google will never call you about your account.
1. Ask a lot of questions
2. Don’t click on links sent through texts
3. Don’t share temporary credentials
4. Avoid urgent requests from callers
5. Listen to the warnings from built-in protections
Spotting scams on the web
To keep you safe on Search, we have strict policies and advanced spam-fighting systems that keep Search 99% spam free and help combat scammers’ attempts to deceive people. With ads, we use AI to protect users from fraud and to detect cyber criminals and scammers. Here are five additional tips for staying safe.
1. If in doubt, learn more about the ad and who made it
2. Check URLs before clicking on unfamiliar links
3. Gather insights about the webpage, store, or business using the About this result tool
4. Look for official resources and be wary of unusual formatting
5. If you’re a business, highlight your customer support directly on Search
Online scams are increasing in volume and complexity. Our Trust & Safety (T&S) teams at Google are responsible for tracking and fighting scams, and for sharing our observations and the information we gather to help keep everyone safer. Familiarize yourself with these scams, so you can steer clear of them.
1. Exploitation of Major Events
Safety Tip: During major events, make purchases or donations only through established platforms and official event organizers.
By combining new and emerging technologies with traditional scam techniques, bad actors can swiftly react to breaking news and major events, making their schemes appear more believable.
They know that during major events, people tend to feel pressured to act quickly — whether to secure high-demand concert tickets, buy limited-edition items, or help disaster victims — and scammers use this sense of urgency to their advantage.
Google has dedicated sensitive-event policies including for Ads and Shopping, monetization on YouTube, and Play. These policies prohibit products or services that exploit, dismiss, or condone the sensitive event, and use enhanced monitoring to keep you safer during major events.
2. AI-Generated Celebrity Investment Scams
Safety Tip: Be wary of any investment advice that seems to come from celebrities or business leaders, especially on social media. Watch for unnatural facial movements or expressions in videos — these can be signs that the content is fake. Remember: If an investment opportunity sounds too good to be true, it probably is.
Scammers create fake videos and images to make it appear as though well-known public figures are promoting their schemes.
These scams combine AI-generated photos, voiceovers, or videos (often called “deepfakes”) with fabricated news articles and social-media posts to promote fraudulent investment opportunities.
The combination of familiar faces, seemingly professional content, and the promise of high returns can make these scams particularly persuasive.
In 2024, we updated our Misrepresentation Policy to address public-figure impersonation scams in Google Ads.
YouTube has long-standing policies on impersonation, forbidding content that is intended to impersonate a person or channel, and on misinformation, prohibiting content that has been technically manipulated or doctored in a way that misleads users. And we develop open tools like SynthID to watermark and identify AI-generated content.
3. Fake Travel and E-Commerce Scams
Safety Tip: Always verify the website you’re on before making purchases. Be especially careful during major sale events — check the URL carefully, look for signs of legitimate security features, and be wary of unusually low prices or urgent time pressures. Use Google’s About this result feature to learn more about unfamiliar websites, and My Ad Center to find advertiser information such as name and location and to report a bad ad.
Scammers create fake websites that mimic legitimate shopping, travel, and retail sites. These deceptive sites often lure people with incredibly low prices on popular items, luxury goods, concert tickets, or travel deals.
Scammers also seek to manipulate business listings by trying to add fraudulent contact numbers to impersonate public business profile listings. They attempt to trick users into contacting scammers instead of legitimate customer-service representatives.
Google maintains strict policies and actively scans for and removes sites that engage in phishing, cloaking, or the impersonation of legitimate businesses.
As an additional safety layer, advertisers may be required to complete our advertiser verification program to verify information regarding their business or identity to help us better understand who they are and what they are advertising.
4. Remote Access Tech Support Fraud
Safety Tip: Never give anyone remote access to your device based on an unsolicited call or message. Legitimate companies won’t contact you first about technical problems — if you need support, always reach out through the official website or phone number of the company you want to contact. You can increase your security by enabling 2-Step Verification, passkeys, or Password Manager.
Scammers pose as technical support staff from well-known companies, banks, and government agencies. They create a sense of urgency by claiming there’s a problem with your device, account, or online security, often using convincing technical language and websites that closely mimic legitimate support pages.
These scammers use sophisticated techniques like caller ID spoofing and carefully scripted conversations to appear legitimate. They adapt their approach based on their target, and their ultimate goal is to convince victims to install remote access software, which gives them control over the device and access to personal information, banking details, and the ability to make unauthorized transactions.
At Google, our systems actively detect and block suspicious tech-support sites and advertisements. Google Messages has built-in security features that can alert you if something suspicious is detected. In addition, legitimate businesses can showcase their verified customer-support options directly on Google Search, while our Safe Browsing technology helps warn users about potentially dangerous sites and downloads.
5. Job Scams
Safety Tip: Be cautious of job offers that seem too good to be true or require handling money transfers. Legitimate employers won’t ask for payment during the hiring process or require you to use your personal accounts for business transactions. Always verify job opportunities through official company websites and channels. About this result can give you more information about the online source.
Scammers sometimes target job seekers with promises of high-paying remote work and international opportunities. These fraudulent job offers may appear on legitimate job sites and on social media platforms, making them particularly difficult to identify. Scammers often pose as legitimate international companies, offering positions in areas like cryptocurrency trading, data entry, or digital marketing.
While some operations aim to collect up-front fees or personal information, others unknowingly draw victims into money-laundering schemes or other illegal activities. For example, victims might be asked to handle financial transactions or cryptocurrency transfers, unknowingly participating in criminal activities that could have serious legal consequences.
At Google, we actively monitor for these schemes and remove fraudulent job listings across our platforms. Our systems are designed to detect and block suspicious job-related content that shows signs of potential fraud. We may also require additional verification to help us understand more about the actor behind the listing.
6. Predatory Loan Apps
Safety Tip: Only get loans from licensed financial institutions and official banking apps. Be very suspicious of loan apps that require access to your contacts, photos, or location — legitimate lenders don’t need this information. If an app offers instant approval with minimal documentation, it’s probably a scam. If you find an issue with an app or review on Google Play, you can flag it to our team.
Fraudulent lending apps target people who are seeking quick access to money, promising fast, easy loans with minimal paperwork. These apps are professionally designed to mimic legitimate financial services and banks. Once installed, they demand extensive access to personal information — including contacts, photos, and location data — which they may later use for harassment.
As part of these scams, victims typically receive less money than requested but must repay the full amount in addition to extremely high interest rates. When borrowers inevitably struggle with these terms, scammers use the personal data they collected to threaten and pressure them, often targeting their friends and family with harassment or threatening to share modified photos.
At Google, we maintain strict policies against deceptive financial-services apps on our platforms. We actively scan for and remove apps that request unnecessary device permissions or show signs of predatory behavior. Our Google Play Protect service helps identify and block harmful loan apps before they can be installed, and we work closely with financial regulators to identify and stop fraudulent operations. In some countries, we also require a specific verification process to advertise financial services on our platforms.
Test your scam-spotting skills
AI is making phishing attacks more sophisticated, personalized, and common. So, spotting what’s real and what’s fake is not always as easy as it looks. You can test your scam-spotting knowledge with a phishing quiz developed by Jigsaw, a unit of Google. Share it with your friends and family to help keep them safer online.
Signing in to online accounts presents one of today’s most prominent security risks, with millions of passwords exposed in data breaches every day. Our authentication and password tools are designed to help you quickly and securely sign in to the apps and services you love.
-
Simple and secure sign in, without passwords
Passkeys offer the simplest, most secure sign in using your device’s screen lock, so signing in is as easy as glancing at your phone or scanning your fingerprint. Based on FIDO Alliance and W3C standards, passkeys leverage the same public-key cryptographic protocols that underpin physical security keys, making them resistant to phishing, credential stuffing, and other remote attacks.
-
Defend against hackers with 2-Step Verification
2-Step Verification helps keep out anyone who shouldn’t have access to your account by requiring you to use a secondary authentication process on top of your username and password to sign in to your account.
-
Keep track of all your passwords
A password manager, like the one built into your Google Account, helps protect and keep track of the passwords you use on sites and apps. Google’s Password Manager helps you create, remember, and securely store all your passwords to safely and easily sign in to your accounts.
-
Check your passwords for security issues
Check the strength and security of all of your saved passwords with a quick Password Checkup. Learn if any of your saved passwords for third-party sites or accounts have been compromised, and easily change them if needed.
-
Lock down your phone if you lose it
If your phone is ever lost or stolen, you can visit your Google Account and select “Find your phone” to protect your data in a few quick steps. Whether you have an Android or iOS device, you can remotely locate and lock your phone so that no one else can use your phone or access your personal information.
-
Maintain up-to-date software
Review the software you use regularly to make sure you are always running the latest version available. Some services, including the Chrome browser, can update automatically so you have the latest security features and fixes.
-
Block potentially harmful apps from your phone
We take care of your device with Google Play Protect, Google’s built-in malware protection for Android, but you should always download your mobile apps from a source you trust. To keep your data protected, review your apps and delete ones you don’t use, enable app auto-updates, and limit app access to sensitive data like your location and photos.
-
Use a screen lock
When you are not using your computer, laptop, tablet, or phone, lock your screen to keep others from getting into your device. For added security, set your device to automatically lock when it goes to sleep.
-
Use secure networks
Be careful about using public or free WiFi, even if it requires a password. These networks may not be encrypted, so when you connect to a public network, anyone in the vicinity may be able to monitor your internet activity, including the websites you visit and the information you type in there. If public or free WiFi is your only option, the Chrome browser will let you know in the address bar if your connection to a site is NOT secure.
Watch this video to learn more about the importance of using secure WiFi connections, and for tips on how to secure your own WiFi network.
-
Ensure your connection is secure before entering sensitive information
When you are browsing the web — and especially if you plan to enter sensitive information like a password or credit-card number — make sure the connection to the sites you visit is secure. The default state of any connection is secure. If the connection is not secure, the Chrome browser will display a red “Not Secure” chip in the address bar. HTTPS helps keep your browsing safe by securely connecting your browser and apps to the websites you visit.
-
Google Location Accuracy
Google Location Accuracy uses publicly broadcast WiFi data from wireless access points and GPS, cell tower, and sensor data to improve location-based services. For instructions on how to opt out of having your WiFi access point collected, learn more here.