The protection kicks in if you click on a sketchy link in an email, with two different levels of warning …
If Google knows the site to be a phishing operation, it will tell you.
The site you are trying to visit has been identified as forgery, intended to trick you into disclosing financial, personal, or other sensitive information.
If the site is suspected to be sketchy but the company is not yet 100% certain, a different warning is displayed.
This link leads to an untrusted site. Are you sure you want to proceed?
For identified phishing sites, there is a link to report false positives.
Phishing is a technique where an email claims to be from a known company, like Apple, PayPal or a bank. The link takes you to a fake website which asks you to enter your login credentials, which are then captured by the attacker and used to access your account.
Many phishing attacks are extremely crude, with obvious spelling and grammatical errors, and a website that looks little like the real thing. However, there are some sophisticated ones with very plausible-looking emails and websites. There have even been some that apparently display the correct URL.
The best advice is always to access sensitive sites from your own bookmarks or by typing in the URL.
FTC: We use income earning auto affiliate links. More.