A phishing scam is a cyberattack where a criminal sends you an email that either links to a fake website or contains an attachment that is, in reality, malware (for example, keylogger software).
Fake websites are typically designed to trick you into divulging sensitive personal information, such as your bank login details. Phishing emails usually claim to be from a trusted source and make it sound like an emergency to make it more likely that you’ll click the fraudulent links or attachments provided..
Classic examples are your bank or email service, but craftier criminals often pose as services that are less likely to trigger your alarm bells because people tend to re-use the same passwords across multiple websites and online services.
Learn more about phishing attacks
How to verify emails are from Proton
As a valued member of the Proton community, you will occasionally receive emails from Proton, Proton VPN, Proton Mail, Proton Drive, or Proton Calendar. Reasons we send these emails include:
- Product notifications (such as for upcoming Calendar events or a completed Easy Switch import)
- Newsletters to keep you updated about company news and new releases
- Email address verification
- Account recovery
- Offers and promotions
To manage the emails we send you, sign in to account.protonvpn.com and go to Account → Email subscriptions.
Whenever you receive an email that claims to be from us, we strongly encourage you to verify that it’s genuine. The following list shows all the domains used by Proton to communicate with our community via email. To verify that an email is genuine, simply confirm that it was sent from one of these domains:
- no-reply@news.proton.me
- no-reply@news.protonvpn.com
- no-reply@news.proton.me
- no-reply@news.protonvpn.com
- no-reply@mail.proton.me
- no-reply@calendar.proton.me
- no-reply@drive.proton.me
- no-reply@vpn.proton.me
- no-reply@offers.proton.me
- no-reply@offer.protonvpn.com
- no-reply@notify.proton.me
- no-reply@notify.protonvpn.com
- no-reply@verify.proton.me
- no-reply@recovery.proton.me
- no-reply@partners.proton.me
- no-reply@referrals.proton.me
- contact@protonvpn.com
- support@protonmail.zendesk.com
- contact@proton.me
If you receive an email that claims to be from Proton but does not come from one of the above domains, please report it to abuse@protonvpn.com.
Tips for avoiding phishing scams
By following these tips, you will greatly reduce your chances of becoming a victim of a phishing scam.
If you’re unsure about whether an email is genuine, visit the service’s website directly to access the information you need. You should also contact the support team of the organization in question from the genuine website if you have any additional questions.
1. Check the domain the email was sent from
If you know the email’s domain matches that of its website, then it is probably genuine. Be careful not to confuse similar-looking domains with the real thing (for example, proton.rne instead of the correct domain, proton.me).
2. Be careful about clicking on links
Only click on links if you are 100% sure the email is genuine (for example, if you have checked that an email from Proton came from a domain listed above).
3. Use Proton Mail
Proton Mail offers several security features designed to prevent phishing attacks. These include:
Emails from Proton domains have an Official badge
All emails sent from legitimate Proton domains to Proton Mail accounts have an Official badge, making it easy to know if an email is genuinely from us.
Link confirmation
This simple but effective phishing defense is enabled by default in all Proton Mail apps. It asks you to confirm that you wish to open an external link from an email and shows you the entire link URL.
Learn more about link confirmation
Address verification
This advanced feature allows you to manually trust PGP keys for specific contacts, giving you full control over which keys you trust.
Learn more about address verification
Lock icons
You can easily identify the encryption status of emails you receive using lock icons shown on each email.
Learn more about how to check encryption status using lock icons
DMARC Protection
Proton Mail supports Domain-based Message Authentication Reporting and Conformance (DMARC). If the domain of an email fails authentication checks (using the SPF and DKIM mechanisms), then Proton Mail will show a warning message.
If you use Proton VPN, you already have a Proton Mail account.
