Gmail adds blue checkmarks to fight phishing and scammers — what you need to know

Image of Gmail's logo on a laptop
(Image credit: Monticello/Shutterstock)

Google is making a big change to Gmail that will make it easier to determine whether or not an email is actually from a scammer.

Up until now, checking your inbox could put you at risk of falling victim to online scams or phishing, especially if you don’t know how to spot the sure-fire signs of a phishing email. Fortunately, you’ll now have one more way to easily identify if a sender’s email address is legitimate.

In a new blog post, the search giant revealed it is adding a blue checkmark icon for verified Gmail users. Just like on Facebook, Instagram and other social media platforms, this checkmark will serve as a sign that the people sending you emails are who they really say and not a scammer trying to instil a sense of urgency before leading you to a phishing site.

These blue checkmarks in Gmail have already begun rolling out and they will be available to both paid Google Workspace users as well as to ordinary Gmail users according to SlashGear

Making email safer

Back in 2021, Google introduced its Brand Indicators for Message Identification (BIMI) initiative for Gmail to make its email service safer.

A big part of this initiative involved requiring businesses to use strong authentication and to verify their brand’s logo so that it could show up as an avatar in their Gmail messages. Google’s new blue checkmark feature builds on this by making it easier for Gmail users to distinguish between legitimate senders and impersonators.

Brand impersonation is one of the main tactics used by both cybercriminals and scammers due to how effective it is. When someone thinks that an email or message came directly from a company they do business with, they’re more likely to respond. If the impersonation attempt is performed well enough, they also might share personal details that they normally wouldn’t have.

How to stay safe from phishing emails

Fish hook on a keyboard

(Image credit: Shutterstock)

Businesses that have already implemented Google’s BIMI guidelines will be getting their blue checkmarks in Gmail soon. In the meantime, you still need to be careful when checking your inbox as scammers will likely try to get a few phishing emails through before the change goes into effect.

When it comes to spotting phishing emails, the first thing you want to do is to check the sender’s email address to see if it’s legitimate. A simple web search should do the trick and if not, you should check a company’s site as they often have their email address available at the bottom of the page. Likewise, you can always reach out to a company’s support staff to see if an email address actually belongs to them.

For phishing emails themselves, you want to look out for several red flags which include bad spelling and poor grammar along with instilling a sense of urgency. Scammers want to get your attention with their phishing emails which is why they often give you a date or time to reply by while threatening to cut off access to your account.

Gmail’s new blue checkmark feature may seem like a copycat but when it comes to malware and other cyber threats, your inbox remains the place where you’re likely to encounter them the most.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.