The email was sent from a known contact.

The email contained a suspicious IP address.

The email was written in a foreign language.

The email had no subject line.

He forgot to include an attachment.

He sent the email to the wrong person.

He mistakenly called the email legitimate.

He used an incorrect email address.

Using a VPN for all internet activities.

Enabling two-factor authentication.

Changing his email provider.

Deleting all suspicious emails.

To provide a tutorial on password security.

To promote a new Google service.

To collect user feedback on Google features.

To trick users into entering their credentials.

His credentials were sent to the attackers.

His account was immediately locked by Google.

He was redirected to a news website.

He received a confirmation email from Google.