Phishing is when someone tries to trick you into sharing personal information online. This is usually done by imitating a site or service that you already use. For example, someone who is phishing might send you an email that looks like it's from your bank so that you'll give them information about your bank account. Phishing emails might ask for:


  • Usernames and passwords, including password changes

  • National Insurance numbers

  • Bank account numbers

  • PINs (Personal Identification Numbers)

  • Credit card numbers

  • Your mother’s maiden name

  • Your date of birth


If you get this type of email, don’t click any links it contains or respond until you've confirmed that the email is legitimate. Here are a few things to check for:


  • Check that the email address and the sender name match.

  • Check whether the email is authenticated (a question mark next to the sender's name means Google couldn’t verify the source).

  • Hover over any links before you click on them. If the URL of the link doesn't match the description of the link, it might be leading you to a phishing site.

  • Check the message headers to make sure that the 'from' header isn't showing an incorrect name.


How to:


  1. In Gmail, select or open a message.

  2. In the top right, tap the three dots and then click “Report phishing”.


The email is then removed from your inbox and sent to the “Spam” label. Google will receive a copy of the email and may analyze it to help protect other users from spam and abuse. We would strongly recommend that if you believe you have received a dangerous email to contact IT for further instructions (as you may be asked to complete some further steps).