Does Proton ever ask for my password in an email?

No. Proton will never ask you for your password or your 12-word recovery phrase via email. They don't even have access to your password themselves due to zero-access encryption.

How can I verify if an email is truly from Proton?

Check for the purple 'Official' badge in your Proton Mail app. If you are viewing the email elsewhere (like Outlook or Gmail), the badge will not appear, making it much harder to verify.

What should I do if I entered my password on a fake site?

Sign in to the REAL Proton Mail immediately and change your password. Enable/Rotate your 2FA. If you use the same password elsewhere, change those too.

Proton Security

Verify Proton alerts before you sign in.

Proton Mail is known for its high security, which makes it a prime target for 'Official' impersonation scams. Scammers send fake alerts claiming your encryption keys are expiring or your account needs urgent verification to bypass their strict security filters.

Security Insight

Proton Mail uses a 'Purple Official' badge for legitimate system emails. Scammers try to imitate this by using purple icons in the email body, but they cannot spoof the official badge in the sender field of the Proton web or mobile app.

Checks for the 'Official' sender badge

Spots 'Key Expiration' lures

Protects your encrypted inbox

Analyze a Proton Alert Proton Safety Guide

How to spot a Proton Mail Phishing Scam

Legitimate Proton communications have very specific security markers. Watch out for these common tactics used to steal access to encrypted mailboxes.

The 'Official Badge' test

Genuine Proton system emails always show a purple 'Official' badge next to the sender's name in the Proton interface. If it's missing, it's a scam.

Fake 'Key Expiry' warnings

A message claiming your encryption keys or 'Mailbox Version' is outdated and you must click a link to 'Upgrade' or lose your emails.

Non-Proton Sender Domains

Official alerts come from @proton.me or @protonmail.com. Scammers use domains like 'proton-secure-access.com' or random 'protonmail.ch' lookalikes.

Request for 'Recovery Phrase'

Any email that asks you to provide your 12-word recovery phrase or your account password is a 100% phishing attempt.

What IsThisSpam checks before you trust a sender

Quick verdicts are useful, but the real value is understanding why something looks safe, uncertain, or risky.

Unusual Link Destinations

Hover over any button. If the URL doesn't lead to 'proton.me' or 'protonmail.com' (e.g., 'proton-login-portal.net'), it is a fake site.

High-Pressure urgency

Messages like 'Your account will be deleted in 12 hours' or 'Final security warning' are designed to make you act without thinking.

Mismatched Interface Colors

Scammers often use old Proton branding or weird purple gradients that don't match the modern, clean design of the Proton ecosystem.

Generic 'Dear User' greetings

Proton usually addresses you by your account name or doesn't use a generic greeting at all in their official security notifications.

Related guides

Use the checker for the fast answer, then read the deeper guidance for recurring scam patterns.

Email Header Analyzer

Deep dive into the metadata of suspicious Proton messages.

Read the guide

Spoofed Email Checker

Learn how to identify fake 'From' addresses in your inbox.

Read the guide

FAQ

These are the questions people usually ask right before they click, reply, or pay.

Got a screenshot or attachment? Our AI can analyse it.

Free scan first, deeper analysis when you need it

Check the sender before you trust the message.

Start with a fast scan, then move to SuperScan when the message involves money, account access, or sensitive documents.

Analyze a Proton Alert Proton Safety Guide