How to identify and protect yourself from phishing attempts

Phishing is the practice of sending fraudulent emails, text messages, or other communications pretending to be from people or companies in an attempt to steal personal information from you, such as your password or credit card information. Occasionally, spammers may use variations of our brand to distribute spam and malware.

How to identify a phishing email

There are some general things you can look out for if you believe you are being targeted. Examples include:

  • The sender's email doesn't match the name of the company. Sometimes it may say Evernote, but other times it might say things like, "Evernote Service," "Evernote Cloud," etc.
  • The URL doesn't match the company's website or contains links to fake login pages or password reset pages. Always check the links in the email, or if you click on it, in the address bar of your browser. Often, the page will be disguised to look like an Evernote website but the URL is completely different.
  • The message looks significantly different from other messages. Most of our communications follow a similar style or template. If the email looks different than you've noticed, take a closer look.
  • The message requests personal information. Evernote will never ask for personal information in an email.
  • The message asks you to reply with your username, email address, and/or password. Evernote will never ask for your password.
  • The message is unsolicited and contains an attachment. Never click on an attachment from an unknown sender.

What to do if you receive a phishing email

The best course of action is to delete the message immediately. Do not click on any links, reply to the sender, or provide any information. There is no need to report this attempt to Evernote. The sender of these emails do not have access to our user lists, and are not targeting Evernote users specifically or exclusively. Evernote is one of many companies the sender is impersonating, and there are nearly identical messages purporting to be from companies around the world.

However, you are welcome and encouraged to report phishing attempts to your email provider. Reporting phishing attempts to your email provider helps them identify the behavior, flag the sender accounts, and improve their spam filtering. Here are the steps to report phishing for some common email providers:

  • Gmail (In the section titled, "Report phishing emails")
  • Microsoft Outlook (In the section titled, "Report a message as phishing in")
  • Apple iCloud (In the section titled, "How to report suspicious emails, messages, and calls")

Tips to protect yourself from phishing emails

  • If you don't trust a link in an email, don't click it. Instead, go directly to the website from your browser.
  • When a sender is unknown, don't click anything.
  • Set up two-step verification on your Evernote account.
  • Visit our Security Tips page to learn more.



  • attack
  • canadian pharmacy
  • corrupted
  • damaged
  • dsc
  • email
  • fake
  • genuine
  • jpeg attached
  • malware
  • phishing
  • scam
  • spam
  • viagra
  • virus


Was this article helpful?

112 out of 188 found this helpful

Have more questions? Submit a request