How to Spot the New Google Scam That Looks Too Real (And What to Do If You Clicked)
A convincing new phishing campaign is making the rounds, impersonating Google with a login page that looks nearly identical to the real thing. The scam, recently reported by Reader’s Digest, targets anyone who uses Gmail, Google Drive, or other Google services. Here’s how it works—and what you can do to avoid getting caught.
What’s happening
The scam typically starts with an email or a search ad that looks like it came from Google. It might warn you about unusual account activity, a billing problem, or a shared document. The message pushes you to click a link to “verify your account” or “review security settings.” That link takes you to a fake Google sign-in page.
The page is designed to look almost exactly like the official Google login screen. The colors, the logo, the layout—all correct. But the URL is slightly off. Instead of accounts.google.com, it might be accounts-google.com or googie.com. A subtle difference that’s easy to miss if you’re not paying attention. Once you enter your email and password, the scammers capture your credentials and can then access your actual Google account.
Why it matters
Google accounts are gateways to a lot of personal data—emails, documents, photos, payment information, and sometimes linked services like YouTube or Google Ads. If someone gets into your account, they can reset passwords for other services, send phishing emails to your contacts, or even lock you out. The scam is particularly dangerous because it relies on familiarity and urgency. Many people have been trained to react quickly to security warnings from Google, which makes the deception more effective.
What you can do
1. Always check the URL before typing a password
Before entering any credentials, look at the address bar. The official Google sign-in page always uses google.com itself or a name ending in .google.com, with a dot directly before google (e.g., accounts.google.com). If you see any variation (extra characters, a hyphen, a different top-level domain), do not proceed. You can also click on the URL bar and read it carefully, focusing on the part right before .com.
2. Don’t trust the message, even if it looks official
Phishing emails and ads often create a false sense of urgency: “Immediate action required” or “Your account will be suspended.” Google does send legitimate security alerts, but they never ask you to click a link to enter your password directly. Instead, they direct you to open your account settings manually. If you’re unsure, open a new browser tab and go to myaccount.google.com yourself, rather than clicking any link.
3. Enable two-factor authentication (2FA)
Even if a scammer gets your password, 2FA can stop them. When you sign in from an unrecognized device, Google will ask for a second verification—usually a code sent to your phone or generated by an app like Google Authenticator. This is one of the most effective protections you can add. You can enable it in your Google account security settings.
4. Use a password manager
A password manager can help in two ways. First, it can autofill login details only on the correct domain—so if you’re on a fake page, it won’t suggest your password. Second, it makes it easier to use unique, complex passwords for every account, limiting the damage if one password is stolen.
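The URL check from step 1 and the domain-matched autofill from step 4, as an added JavaScript example (not code from the article or from Google). It shows that treating "ends in google.com" as a plain text suffix accepts accounts-google.com, while matching on the dot boundary rejects it. The function names and the HTTPS requirement are assumptions of this example, and the sample URLs are constructed from the hostnames the article names.

```javascript
// Added example. Function names are hypothetical; sample URLs are
// constructed from the hostnames mentioned in the article.
const TRUSTED_DOMAIN = "google.com";

// Naive check: "ends in google.com" read as a plain text suffix.
function naiveEndsWith(urlString) {
  return new URL(urlString).hostname.endsWith(TRUSTED_DOMAIN);
}

// Strict check: the hostname is google.com itself or ends in ".google.com".
// The leading dot enforces a label boundary, so "accounts-google.com" fails.
function isGoogleSignInHost(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return false; // not a parseable absolute URL
  }
  if (url.protocol !== "https:") return false; // assumption added here: HTTPS only
  const host = url.hostname.toLowerCase().replace(/\.$/, ""); // drop trailing dot
  return host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN);
}

// What domain-matched autofill does in spirit: offer the saved login only
// when the page's host equals the host the login was saved for.
function shouldAutofill(savedHost, pageUrl) {
  try {
    return new URL(pageUrl).hostname.toLowerCase() === savedHost;
  } catch {
    return false;
  }
}

// Run both checks over a list of URLs so the difference is visible side by side.
function classify(urls) {
  return urls.map((u) => ({
    url: u,
    naive: naiveEndsWith(u),
    strict: isGoogleSignInHost(u),
  }));
}

const SAMPLE_URLS = [
  "https://accounts.google.com/signin", // real sign-in host
  "https://accounts-google.com/signin", // lookalike named in the article
  "https://googie.com/signin",          // lookalike named in the article
];
console.table(classify(SAMPLE_URLS));
```
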
5. Know what to do if you already clicked
If you think you’ve entered your password on a fake Google page, act quickly:
- Change your Google password immediately. Use a new, strong password you haven’t used elsewhere.
- Sign out of all other sessions by going to your Google account security page and selecting “Sign out of all other web sessions.”
- Check your account activity for any unusual logins, emails sent from your account, or changes to recovery options.
- Run a full antivirus scan on your devices, just in case the page also tried to install malware.
- Report the phishing page to Google using the form at safebrowsing.google.com/safebrowsing/report_phish/.
6. Report the scam to help others
If you receive a phishing email, forward it to [email protected]. If you see a fake ad, report it directly in Google Search using the “Report ad” option. Every report helps update Google’s filters and might keep someone else from falling for it.
Longer-term prevention
- Stay skeptical of any message that asks you to click a login link. When in doubt, navigate to the site manually.
- Keep your browser and operating system updated—they include security fixes that can block known phishing sites.
- Consider using a browser extension that checks for suspicious URLs, such as Google’s own “Password Alert” for Chrome (though its long-term support has shifted).
No single step is foolproof, but combining these habits makes you a much harder target. The key is to slow down and verify, even when a message feels urgent. Most phishing scams work because they rush you into making a mistake.
This article is based on reporting from Reader’s Digest, published April 30, 2026, and general cybersecurity best practices. Specific scam methods may evolve, so stay updated through trusted sources.