Impersonation · tech

Google Impersonation Scams

Scammers impersonate Google through fake account-suspension warnings, phishing emails, and bogus Google support calls to steal credentials or payment details.

Last reviewed: 1 June 2026

Google accounts are central to billions of people's digital lives — email, photos, documents, and more. That makes a convincing 'Google security alert' one of the most effective phishing lures available to scammers.

Fake Google account suspension warnings, phishing emails mimicking Google's design, and cold calls claiming to be Google support are all used to trick people into handing over credentials or verification codes.

Google is the victim of this impersonation. Being aware of how Google genuinely communicates — and the things Google will never ask you to do — is your strongest defence.

How scammers impersonate it

Sending emails with Google branding warning your account is at risk and directing you to a fake sign-in page
Creating convincing fake Google login pages to harvest usernames and passwords
Calling and claiming to be Google support about suspicious activity on your account
Using Google's colour scheme and fonts to make phishing pages look authentic
Sending fake 'critical security alert' notifications that mimic the real Google alert style
Spoofing Google sender addresses or using domains like google-support.com

What the real organisation never does

Call you unsolicited about a problem with your Google account
Ask you to share a verification or two-factor code with anyone
Ask for your Google password over the phone or through an email link
Request payment via gift cards to secure your account
Ask you to install software to resolve an account issue
Threaten to permanently delete your account unless you act within an hour

Common red flags

Urgency in the subject line — 'Your account will be deleted in 24 hours'
A sign-in link in an email that does not go to accounts.google.com
Unsolicited call from someone claiming to be Google Support
Request to share a code sent to your phone or email
Sender address is not @google.com
Grammar errors or formatting inconsistent with Google's communications
Request for gift card payment or wire transfer

Sanitized example messages

Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].

Email: 'Unusual sign-in detected on your Google account. Secure your account at [fake link] within 12 hours or access will be suspended.'

Call: 'I am calling from Google Security — we have detected your account is being accessed from multiple locations. Please confirm your recovery code.'

Text: 'Google Alert: Your account storage will be suspended. Update payment at [fake link].'

How to verify

Go directly to myaccount.google.com — type it yourself — to check account activity and security
Google's genuine security alerts are shown in your account's Security checkup, not only by email
Never share a verification code with anyone; Google staff will not ask for it
If you want to reach Google Support, go through the Help section in the relevant Google product
Check the full sender email address — genuine Google emails come from @google.com or @accounts.google.com

What to do if you're targeted

Do not enter credentials into any page you reached through a link in an unsolicited message
If your credentials may have been entered, change your Google password immediately at myaccount.google.com and review connected apps
Enable two-factor authentication if you have not already
Report phishing emails using the 'Report phishing' option in Gmail

Frequently asked questions

I received a Google security alert by email — is it real?

Log in to myaccount.google.com directly (not via the link) and check the Security section. Genuine alerts also appear there. If nothing shows up, the email was likely a phishing attempt.

I entered my Google password on a site that looked real. What now?

Go to myaccount.google.com immediately, change your password, and review recent account activity and connected third-party apps. Enable two-factor authentication if not already active.

Does Google ever call customers?

Google does not make unsolicited phone calls to consumers about account security. Some Google Ads customers may receive scheduled calls from sales representatives they have opted into, but these are not security calls.

How scammers impersonate it

Sending emails with Google branding warning your account is at risk and directing you to a fake sign-in page

Creating convincing fake Google login pages to harvest usernames and passwords

Calling and claiming to be Google support about suspicious activity on your account

Using Google's colour scheme and fonts to make phishing pages look authentic

Sending fake 'critical security alert' notifications that mimic the real Google alert style

Spoofing Google sender addresses or using domains like google-support.com

What the real organisation never does

Call you unsolicited about a problem with your Google account

Ask you to share a verification or two-factor code with anyone

Ask for your Google password over the phone or through an email link

Request payment via gift cards to secure your account

Ask you to install software to resolve an account issue

Threaten to permanently delete your account unless you act within an hour

Common red flags

Urgency in the subject line — 'Your account will be deleted in 24 hours'

A sign-in link in an email that does not go to accounts.google.com

Unsolicited call from someone claiming to be Google Support

Request to share a code sent to your phone or email

Sender address is not @google.com

Grammar errors or formatting inconsistent with Google's communications

Request for gift card payment or wire transfer

Sanitized example messages

Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].

Email: 'Unusual sign-in detected on your Google account. Secure your account at [fake link] within 12 hours or access will be suspended.'

Call: 'I am calling from Google Security — we have detected your account is being accessed from multiple locations. Please confirm your recovery code.'

Text: 'Google Alert: Your account storage will be suspended. Update payment at [fake link].'

How to verify

Go directly to myaccount.google.com — type it yourself — to check account activity and security

Google's genuine security alerts are shown in your account's Security checkup, not only by email

Never share a verification code with anyone; Google staff will not ask for it

If you want to reach Google Support, go through the Help section in the relevant Google product

Check the full sender email address — genuine Google emails come from @google.com or @accounts.google.com

What to do if you're targeted

Do not enter credentials into any page you reached through a link in an unsolicited message

If your credentials may have been entered, change your Google password immediately at myaccount.google.com and review connected apps

Enable two-factor authentication if you have not already

Report phishing emails using the 'Report phishing' option in Gmail