That Google Alert Might Be a Scam—Here’s How to Recognize the Fake
If you use Gmail, Google Drive, or Google Ads, chances are you’ve seen a notification pop up warning about “unusual activity” or telling you your account will be suspended unless you act immediately. A new wave of phishing emails and pop-ups is impersonating these legitimate Google alerts—and they look convincing enough to fool even careful users.
This isn’t a theoretical threat. Reports of this scam have been trending since late April 2026, and it works because it mimics the exact language and design Google uses in real security messages. The goal is to steal your login credentials or trick you into installing malware.
Here’s what you need to know to spot it and protect yourself.
What the scam looks like
The scam typically arrives as an email with a subject line like “Suspicious sign-in detected” or “Your account will be suspended in 48 hours.” It often includes a logo that looks like Google’s, a link that appears to lead to a security check page, and a sense of urgency intended to make you click without thinking.
In some cases, users report seeing pop-up windows while browsing that mimic Google’s own sign-in screen, asking for a password or recovery email under the pretense of verifying identity.
The critical thing to remember: Google does not send emails or display pop-ups demanding that you click a link to verify your account or avoid suspension. Real Google security alerts appear inside your account settings or through the Gmail interface—not as unsolicited links.
Red flags to watch for
Even a well-crafted fake can be spotted if you know what to look for:
- The sender address. Hover over the sender’s name (don’t click). A real Google security email comes from an address ending in @google.com. Common fakes use addresses like @google-security.com, @accounts-google.net, or something similar but slightly off.
- Generic greetings. Google usually addresses you by your full name or the first part of your email address. Scams often use “Dear user” or “Dear customer.”
- Urgency or threats. Phrases like “Your account will be permanently deleted” or “Immediate action required” are pressure tactics. Real Google alerts are factual and rarely threaten instant closure.
- Suspicious links. Hover your mouse over the link. If it doesn’t point to a Google domain (accounts.google.com, myaccount.google.com, etc.), it’s a scam.
- Poor grammar or odd formatting. While many fake emails are polished, small mistakes—a missing space, an odd font, or an inconsistent logo—are giveaways.
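The sender-address and link checks from the list above can also be done mechanically. The following Python sketch is an added example, not code from Google or from the sources cited here; the sample message is constructed, and phish.example is a placeholder domain.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "google.com"  # domain the article treats as genuine

def is_google_host(host):
    """True only for google.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def sender_ok(from_header):
    """Judge the address domain; the display name is attacker-chosen text.
    Passing is necessary, not sufficient: a From header can be forged."""
    _, addr = parseaddr(from_header)
    return is_google_host(addr.rpartition("@")[2])

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def suspicious_links(html_body):
    """Return hrefs whose real destination is not a Google host."""
    parser = _Links()
    parser.feed(html_body)
    # .hostname discards any "user@" prefix, so a link written as
    # accounts.google.com@phish.example is judged as phish.example.
    return [h for h in parser.hrefs if not is_google_host(urlsplit(h).hostname)]

# Constructed sample message, not taken from a real campaign.
SAMPLE_FROM = '"Google Security" <no-reply@google-security.com>'
SAMPLE_BODY = """
<p>Dear user, your account will be suspended in 48 hours.</p>
<a href="https://myaccount.google.com/security">Account page</a>
<a href="https://accounts.google.com.phish.example/check">Security check</a>
<a href="https://accounts.google.com@phish.example/login">Verify now</a>
"""

if __name__ == "__main__":
    print("sender trusted:", sender_ok(SAMPLE_FROM))
    for link in suspicious_links(SAMPLE_BODY):
        print("suspicious link:", link)
```

The comparison is against the full hostname with a leading dot, so a name that merely contains or starts with "google.com" does not pass.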
Step-by-step response if you receive one
Do not click any link. Closing the email or pop-up is safe. If you’re unsure whether an alert is real, open a new browser window and go directly to your Google Account page (myaccount.google.com) to check for any actual warnings.
To help protect others, forward the suspicious email to [email protected]. If you received the scam as a pop-up while browsing, you can also report it using Google’s Safe Browsing tool at safebrowsing.google.com.
If you already clicked a link and entered your password, change your password immediately. Go to your Google Account security page and sign out all other sessions. Run a full antivirus scan on your device as a precaution.
Proactive protection tips
The most effective way to stay safe is to enable two-factor authentication (2FA) on your Google account. Even if a scammer steals your password, they won’t be able to log in without the second factor. Use an authenticator app rather than SMS if possible, because SIM-swapping attacks can bypass text-based codes.
A password manager also helps. It won’t autofill your credentials on a fake login page because the domain won’t match, giving you an automatic red flag.
Keep your browser and operating system updated, as security patches close vulnerabilities that scammers can exploit to inject fake pop-ups.
What to do if you already fell for it
If you clicked a link and entered your credentials, act quickly:
- Change your Google password and any other account that uses the same password.
- Enable 2FA if you haven’t already.
- Review your account activity (myaccount.google.com/security) for any unauthorized logins or changes.
- Run a malware scan with a reputable antivirus tool.
- If you entered payment info, contact your bank or card provider.
No single step guarantees complete safety, but prompt action significantly reduces the damage a scammer can do.
Scams like this one succeed because they exploit trust in familiar brands. The best defense is a healthy dose of skepticism and a few simple habits. If an alert feels off, it probably is—and taking 30 seconds to verify before clicking can save you hours of trouble later.
Sources: Google’s official phishing reporting page; security advisories from cybersecurity firms; reporting from Reader’s Digest (April 30, 2026).