A phishing attack happens when someone tries to trick you into sharing personal information online.

What is phishing?
Phishing is usually done through email, ads, or by sites that look similar to sites you already use. For example, someone who is phishing might send you an email that looks like it’s from your bank so that you’ll give them information about your bank account.

Phishing emails or sites might ask for:

Usernames and passwords, including password changes
Social Security numbers
Bank account numbers
PINs (Personal Identification Numbers)
Credit card numbers
Your mother’s maiden name
Your birthday
Important: Google or Gmail will never ask you to provide this type of information in an email.

Report phishing emails
When we identify that an email may be phishing or suspicious, we might show a warning or move the email to Spam. If an email wasn’t marked correctly, follow the steps below to mark or unmark it as phishing.

Note: When you manually move an email into your Spam folder, Google will receive a copy of the email and may analyze it to help protect our users from spam and abuse.

To report a phishing email:

  1. On a computer, go to Gmail
  2. Open the message.
  3. Next to Reply Reply, click More More.
    Note: If you’re using classic Gmail, click the Down arrow Down Arrow.
  4. Click Report phishing.

An email was incorrectly reported for phishing:

  1. On a computer, go to Gmail
  2. Open the message.
  3. Next to Reply Reply, click More More.
    Note: If you’re using classic Gmail,click the Down arrow Down Arrow.
  4. Click Report not phishing.

Avoid phishing attacks
Be careful anytime you get an email from a site asking for personal information. If you get this type of email:

Note: Gmail won’t ever ask you for personal information, like your password, over email.

Don’t click any links or provide personal information until you’ve confirmed the email is real.
If the sender has a Gmail address, report the Gmail abuse to Google.

When you get an email that looks suspicious, here are a few things to check for:

Check that the email address and the sender name match.
Check if the email is authenticated.
Hover over any links before you click on them. If the URL of the link doesn’t match the description of the link, it might be leading you to a phishing site.
Check the message headers to make sure the “from” header isn’t showing an incorrect name.
Important: If you think your Gmail address has been taken over, recover your compromised Gmail account before sending or opening any other emails.

Report to the SVA Privacy Office after you have taken the steps above to report the sender to Google. This will ensure the malicious sender will be blocked campus-wide immediately. Send a copy of the email or a screenshot of the email content to privacy@sva.edu.