Child pages
  • Avoiding Spam and Phishing Emails

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

Can you spot when you're being phished? Take this quiz from Google and Jigsaw.

Here is an example of a spam malicious email message, and eight points that show you this is fake:


If you are ever suspicious of an email, it is better that you NOT click on any links or follow any instructions in the email. Contact the person or department the email is reportedly from via a different means, such as by phone. If you are concerned about the security of your password, navigate to the page in question yourself - not by following any links in the email - and change your password. As long as you have not clicked on any links or downloaded any attachments within a suspicious email, you can safely delete the message. (If you did follow a link or provide any sensitive information, go ahead and change your passwords. Consider running a virus scan. And depending on the scam, you may feel that some of the steps recommended in this USA Today article or this Google Support article are warranted.)

Someone shared a Google Doc with you...


titleBut you weren't expecting it...

Try calling them to check.

How can we recognize phishing attacks?

Some Questions to Ask Yourself about A Suspicious Email

Although making the time to check details can seem impossible, try to take a minute to notice a few things.

Image Removed

  • Does the name in the subject match the From: address?
  • What does the To: address say?
  • Are you listed in To: or in Bcc: (you should be in To:).
  • As with most spam, check for extra typos.

Viewing a file that is shared with you should not prompt you to approve additional access. Always pay close attention to WHO is asking for WHAT access, and consider carefully whether they need it or not (this is true of the apps you install on your phone, as well!).

Do you think your account was compromised?

Steps to Take After Receiving Spam or Phishing Emails

As long as you have not clicked on any links or downloaded any attachments within a suspicious email, you can report it as spam or phishing and safely delete the message.

Why report it? Because Google can use the data to better protect everyone. Enough reports received against a particular sender will prompt Google to block that sender. 

titleHow to report a spam or phishing message
  1. Open the email.
  2. Click on the 3 dot menu to the right of the email header (next to the time the message was received)
  3. Choose "Report spam" (highlighted in green) or "Report phishing" (highlighted in blue)
    Image Added

But is it spam or a phish?

Spam is categorized as uninvited advertising - a message sent to large groups of people trying to convince them to buy a product or service.

Phishing is more targeted and more malicious. It is an attempt to garner personal information - often usernames and passwords - that can be sold and/or used to gain access to other information, systems, and/or money.

If you did not recognize the scam...

There are a few things you should do if you think you've been phishedyour account may have been compromised.

  1. Change your password(s).
  2. Consider running a virus scan. 
  3. Consider enabling multifactor authentication on your account (if you haven't already done so).
    1. Google offers a multifactor option at
    2. Drew offers Duo Security at
  4. For a Google phish, check Check the following:
    1. In Gmail > Settings > Accounts and Import, look at "Check mail from other accounts" and "Grant access to your account".
    2. In Gmail > Settings > Filters and Blocked Addresses, look for any filters you do not recognize.
    3. In Gmail > Settings > Forwarding and POP/IMAP, check for any forwarding addresses.
    4. Visit to see what apps are connected to your Google account. Remove any you do not recognize (or no longer use).
    5. Visit to run a security check-up on your Google account.