Protect yourself from scams by knowing who really emailed you
I recently received an email from what looked like my bank saying I should update my account, but it looked a little weird. I clicked on the “show details” link and quickly learned it wasn’t from my bank after all; instead of being sent from First National Bank’s real email address, this message originated from a random South African domain. If I hadn’t viewed these details, I could have been tricked — it wasn’t entirely obvious that this email was a fake.
Phishing messages are a form of spam that attempt to deceive recipients in order to gain access to their personal information. Starting today, Gmail will automatically display more information about the origin of certain messages you receive so you can be better informed and protect yourself from getting tricked. If someone fakes a message from a sender that you trust, like your bank, you can more easily see that the message is not really from where it says it’s from.
Whenever you receive a message from someone who isn’t already in your Gmail contacts, the header will now show the sender’s email address like this:
Websites sometimes send emails on behalf of someone, like when your friend Mike sends you an article from abc.com using one of the site’s “Share this story” links. Gmail will now show this information more prominently:
Gmail will also automatically detect suspicious messages and display a warning when it looks like someone may have spoofed a Gmail address (we do this by evaluating the message’s authentication data).
If you determine that an email is a phishing attempt, please let us know by reporting it (you can always do this by clicking the down arrow next to “Reply” at the top-right of the message and selecting “Report phishing”).
To learn more about how to avoid phishing scams, check out these previous posts:
How to steer clear of money scams
How to avoid getting hooked
Ensuring your information is safe online
Fighting phishing with eBay and PayPal
New in Labs: The super-trustworthy, anti-phishing key
Update (6/29/11): We received the following message from FNB, the real bank that was spoofed in the sample phishing message above: "FNB, or any South African bank for that matter, will never ask you to update your banking details via email. All such emails should be treated as spam. Please log any such scams with our FNB Fraud Team at 087 575 0011 or firstname.lastname@example.org."