We spend so much time and effort to expose scams and fraud that it is sometimes important to show you a legitimate email and explain why it is legitimate. Below is a real and legitimate email. And here are the reasons...
1. The email says that it comes from Google and the sender's email address supports that.
Don't be put off by the long string of random characters at the beginning of the sender's email address. The important part is what comes after the "@" symbol: @gaia.bounces.google.com
The "gaia.bounces" is a subdomain. The important part here is to see "google.com." That doesn't mean that a sender's address can't be spoofed. It can, but many small time scammers aren't capable of doing that. (You can learn more about these details by visiting our article “How to Surf Safely.” Understanding website domain names is critical to recognizing scams!)
2. The account owner is identified by name (and photo!)
It is remarkable how many scams speak so personally to the recipient without ever naming the recipient or providing any account information that offers some legitimacy to the email. "Dear Customer" or "Dear Bank Account Holder" doesn't inspire us!
3. A mouse-over of every link demonstrates that they all point back to a Google.com website.
Mouse-overs are still one of the most important skills to detect online link fraud. Visit our article about mouse-over skills or our video "Mouse-Over Skills Explained" to learn more.
4. Most of the links contain https. The "s" in https stands for secure!
It means that encryption will be used to communicate with the distant computer. If you are expecting to log into your Google account, it had better be a secure connection!