The COVID-19 pandemic is exacerbating many existing societal issues, including misinformation and cyberattacks. Google is working to protect users from the latter by detailing what coronavirus-related spam Gmail encounters and is automatically blocking.
Gmail in the last week saw 18 million daily malware and phishing emails related to COVID-19. For context, Gmail every day blocks over 100 million phishing messages. Meanwhile, there are more than 240 million coronavirus-related spam messages a day.
Google provided four examples that leverage “fear and financial incentives to create urgency” that tricks users into clicking a nefarious link. This includes soliciting donations by claiming to be official agencies or having information on stimulus checks. One particular strain sees spammers pretending to be employers with directions for remote work.
- Impersonating authoritative government organizations like the World Health Organization (WHO) to solicit fraudulent donations or distribute malware. This includes mechanisms to distribute downloadable files that can install backdoors.
- This example shows increased phishing attempts of employees operating in a work-from-home setting.
- This example attempts to capitalize on government stimulus packages and imitates government institutions to phish small businesses.
- This attempt targets organizations impacted by stay-at-home orders.
For the most part, existing malware campaigns have just been repurposed to take advantage of the current pandemic. That commonality helps Google’s Safe Browsing system flag and warn against nefarious links in Gmail, Chrome, and other services that use the API.
G Suite has its own set of security measures including quarantining messages and advanced scanning.
Google offers a number of best practices, like avoiding unrecognized file downloads and instead opening with Gmail’s built-in document preview. The company is also using this opportunity to encourage Advance protection program enrollment, which has prevented repeated phishing attempts.