While Google Chat may not be as universally popular as something like WhatsApp or even Slack, it’s baked into Gmail and other aspects of Google Workspace, which can potentially make it the most convenient way of communicating with friends, family, and coworkers alike. Like other major platforms though it can sometimes be a target for scammers, so here’s a brief guide to staying safe on Google Chat.
6 common Google Chat scams and how to avoid them
1. Lotteries, giveaways, and other fake prizes
This one should be familiar to anyone who’s been online for a few years. You’re messaged by someone saying you’ve won a prize, but they then ask you to share private info, click a link, or even pay a small fee to claim it. Asking for a fee is transparently a scam — it’s not much of a prize if you have to pay for something — but the other options could potentially deceive some people, allowing scammers to hijack a person’s online or financial accounts.
Never engage with prize offers that come from a contest or giveaway you don’t remember entering. Also, no legitimate organizer is going to contact people via Google Chat, much less demand sensitive info that could put your security at risk. If you click on a link in this scenario, you’ll probably be subject to a malware or phishing attack, the latter being a fake website designed to trick you into exposing data.
2. Tech support scams
In this scheme, you’ll be approached by someone claiming to be customer support for Google, Microsoft, or another tech firm. They’ll say that you need to verify your account, remove a virus, or update your payment info, with the solutions being sharing a login, clicking a link, or even calling a telephone number. All three options can be geared towards identity theft, but the latter two might alternately involve paying a “fee” for support you won’t get.
No honest tech company is going to handle support through Google Chat, not even Google, and as a rule, no one should be able to remotely detect malware on your computer. When you have a real problem, go to a company’s website on your own (don’t click a Chat link!) and use the support contacts found there.
3. Friend, family, and similar impersonation scams
Every scam involves impersonation, ultimately, but some scammers may go to the extent of imitating a friend, family member, or coworker. If they can’t hijack that person’s Google account, they may create an account of their own with a similar username, and steal photos or other publicly-accessible material for their social media profiles. They’ll then message you with an excuse to give them data or money, such as a medical emergency.
There are a few ways to spot this sort of scam. For one, scammers tend to be unusually quick to make demands, since they don’t have any interest in small talk and their facade can collapse at any moment. They may also write in a way that doesn’t match the person they’re impersonating. When in doubt, check a person’s Google Chat profile (for instance by doubleclicking their icon in the web app). If they’re a scammer, their contact info may be incomplete, and their Recent interactions list will be empty.
They may try to claim that they had to set up a new account. You can test that with a phone call to a reliable number, or by asking questions only the real person would be able to answer.
4. Job scams
This is similar to the last two types, with the twist that someone is offering employment but wants you to pay a fee for recruitment, equipment, or training. There is of course no job to be had, yet the scam might seem more plausible in the context of Google Chat, which is mostly used in work situations. To make things more enticing, a scammer may promise an unusually high salary for little effort or experience.
Unless it’s an internal hire, legitimate companies never recruit people through Google Chat, and even then you should expect to pass through an interview process before securing the position. You should also turn down any job that expects a payment first — at best they’re a multi-level marketing (MLM) scam, and in most cases they’re going to take the money and run.
When hunting for jobs, stick to company boards, in-person offers, or popular sites like Indeed or LinkedIn.
5. Romance/catfishing and prostitution scams
Let’s get this out of the way — whether or not prostitution is legal where you live, you should never accept sex offers from online strangers, much less through Google Chat, a platform genuine sex workers are unlikely to touch. If you are solicited via Chat, the person is going to exploit your hormones to commit fraud or identity theft. If they share a link, it may be for phishing or malware.
A romance/catfishing scam may be actually be more insidious. This is a long con in which a scammer flirts with you, slowly building up the skeleton of a relationship without actually meeting in person. Once they gain your trust they’ll manufacture a reason for you to send money, such as rent, a family emergency, or a visa. They could go silent once they have this initial cash — but they might also string you along until you realize what’s happening.
Even intelligent people can sometimes fall for romance scams, but skepticism is your ally here. It’s very unlikely that a love interest will materialize outside of dating apps or in-person connections. In any event you shouldn’t get emotionally invested in someone until you’ve had a chance to meet them in person, or at least arrange a video call. A refusal to do either is a bad sign. You should also check an interest’s social media profiles, since a scammer tends to have few friends or publicly-shared details, and their photos are usually stolen. Use a reverse image search tool like TinEye to doublecheck this.
6. Miscellaneous phishing and malware attacks
Edgar Cervantes / Android Authority
We’ve already covered a number of situations involving phishing and/or malware, but we want you to be on the lookout for examples that don’t fit into neat boxes. You could, say, be approached by a scammer claiming to represent a government bureau, with the offer of a rebate or stipend if you click a link or share sensitive info, such as a Social Security number. Another scam involves promising large returns on something like Bitcoin or stocks after an initial “investment.”
Because Google Workspace is designed to allow easy file transfers, someone may even try to send you something like photos, videos, applications, or a ZIP file. You should never download or open files from someone you don’t know. Regardless of whether they trigger an obvious malware attack, your device could be infected with spyware or botware running behind the scenes. Use your computer’s security tools to run a scan if you’ve already made this mistake.
What to do if you get scammed on Google Chat
First, stop interacting with the scammer, but capture as many related screenshots as possible for evidence. This will help you remember important details, and bolster your case with Google, your bank, and/or the police (more on all of these in a moment).
The next step is to block the person and report them to Google. If you’re using Chat on a computer, open your conversation list, then click the triple-dot icon next to the person’s name and select Block and Report. You’ll have to check the Also report option before clicking Block.
Google can’t get any stolen money back, but you may be able to dispute a transaction with your bank. Screenshots will be extremely important here, as will any other information you can gather. Remember that there’s no guarantee of success, and the fraud claim process may take a while no matter what the decision is.
While it’s not strictly necessary, it’s probably wise to change your Google account password and enable two-step verification (2SV) if you haven’t already. The latter ensures that even if someone steals, guesses, or brute-forces your password, they’ll need a one-time verification code on a device they probably don’t have access to.
Lastly, if the incident is serious enough, it may be worth reporting the crime to local police. They won’t be able to do anything if they can’t personally identify the scammer, or the person is located in another country, but you’ll at least be putting the scam on police radar and establishing a history that could one day lead to a conviction.
How to stay safe on Google Chat
Here are a few rules of thumb that should help:
- Enable 2SV on your Google account as soon as possible.
- If an offer or request comes from a previously unknown contact, it should automatically be suspicious.
- Never click on links from unknown contacts. Even if a contact does seem familiar, take a close look at the URL (web address) — scammers rely on domains that sound official, but don’t actually match the organization they’re supposed to represent. Alternately they may rely on URL shorteners that disguise the destination.
- Never download files you haven’t specifically asked for.
- Real institutions won’t ask you to send money through Google Chat, or any private data such as account logins, bank info, or your Social Security number.
- If something seems too good to be true, it probably is.
Generally speaking, yes. It’s mostly used by workplaces, so while it is a major platform, it’s not a frequent target for scammers, and Google has enough security measures in place.
Deception is always possible, but a real person should have recognizable info in their profile and, most likely, prior exchanges in their Recent interactions section. The true test is when you talk to them, or how they write — their patterns should match what you’re used to, and they won’t be aggressive about getting you to accept an offer or request. They should also be able to answer questions that don’t rely on public-facing material.
Scammers could potentially trick you into enabling an attack, or taking over your Google account. Otherwise, Google has tight security measures in place. We haven’t heard of Google Chat servers being breached, which isn’t to say it’s impossible.
We’d say so. Mostly this is due to WhatsApp being a far, far more popular platform aimed at the general public, and hence a more lucrative target. The services would otherwise be roughly on par.