Google is reported to have been blocking 100 million phishing emails per day and 18 million email scams relating specifically to coronavirus.
On its Cloud blog on 16th April, Google reported that Gmail blocks more than 100 million phishing emails each day and that, over the previous week, it had blocked 8 million daily malware and phishing emails related to COVID-19. Google reports that this was in addition to more than 240 million COVID-related daily spam messages.
Google reports that the types of scam and phishing emails that it had seen and blocked have been using fear and financial incentives to create urgency in order to prompt users to respond. Examples include:
– Impersonating authoritative government organisations e.g. the World Health Organization (WHO) in order to solicit fraudulent donations or distribute malware. In order to achieve this, scammers were reported to be using downloadable files that can install backdoors.
– Phishing attempts targeted at employees operating in a work-from-home setting asking them to complete a form needed for payroll.
– Phishing attempts, imitating government institutions and targeted at small businesses asking them to click on links related to receiving government stimulus packages.
Google reports that it has put proactive monitoring in place for COVID-19-related malware and phishing across its systems and workflows and that when threats are identified, they are added to its Safe Browsing API to protect users in Chrome, Gmail, and other integrated Google products.
As Google acknowledges, many of the current threats are not new but are existing malware campaigns that have just been updated to exploit the heightened attention on COVID-19. Last month, for example, reports of phishing emails included:
– An email purporting (as reported by Proofpoint) to be from a doctor offering details of a vaccine cure that’s been kept secret by the Chinese and UK governments. Clicking on the link promises access to the vaccine cure details.
– Workplace policy emails that target employees in a specific company/organisation and encourage them to click on a link that will take them to their company’s Disease Management Policy. Clicking on the link will, in fact, download malicious software that can provide a way into the company network.
– Emails (as reported by Mimecast) using the promise of a coronavirus tax refund to direct the target to click on a link and enter all their financial and tax information, with the lure of gaining access to (bogus) funds.
– Asking for donations for a fake campaign to fund the fast development of a COVID-19 vaccine. In this scam, the victim is directed to a bitcoin payment page.
– An email purporting (again, as reported by Proofpoint) to be from the World Health Organization (WHO) that offers a fake document with information about preventing the spread of coronavirus, where clicking on the link actually leads to the downloading of keylogging software (criminals can track your keystrokes to uncover passwords).
– Emails that exploit feelings of panic, such as an email that claims that COVID-19 has become airborne and asks the target to click on a link to a fake Microsoft login page.
You can protect yourself and your business from phishing emails and other scams by doing the following:
– Keeping your anti-virus software up to date, along with your patching and other software updates, e.g. your OS updates.
– Making sure that all staff and employees are given training and/or are made aware of phishing email threats and that they know the procedure for dealing with emails that appear to be suspicious and/or relate to releasing funds/payments, even if they appear to be from someone in the same company.
– Being on the lookout for online requests for personal and financial information, e.g. ones claiming to come from government agencies; such requests are very unlikely to be sent by email from legitimate sources.
– Looking out for emails with generic greetings, mistakes in spelling and grammar, and/or heavy emotional appeals that urge you to act immediately, as these are all signs of scam and phishing emails.
– Checking where a link really points by hovering your mouse (without clicking) over the link in the email. The address revealed can quickly show whether the email is genuine.
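The last two checks (generic greetings, urgency language, and a link whose visible text does not match where it actually points) can be applied automatically to incoming mail. The following is an added example, not code from Google or from the original article; the sample message, the keyword lists and the host names are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message mimicking the lures described above (not a real email).
SAMPLE_EML = """From: "WHO Alerts" <alerts@example.net>
To: staff@example.com
Subject: URGENT: COVID-19 is now airborne - verify your account immediately
Content-Type: text/html

<p>Dear Customer,</p>
<p>Act immediately or your account will be suspended.</p>
<p><a href="http://login.example-malicious.test/office">https://login.microsoftonline.com</a></p>
"""

URGENCY_WORDS = ("urgent", "immediately", "act now", "suspended", "within 24 hours")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear employee", "dear sir/madam")

class _LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs: what a hover would reveal versus what is shown.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_indicators(raw_eml):
    """Return the heuristic indicators found in a raw RFC 822 message (empty list if none)."""
    msg = message_from_string(raw_eml)
    body = msg.get_payload()
    lowered = ((msg["Subject"] or "") + " " + body).lower()
    found = [f"urgency:{w}" for w in URGENCY_WORDS if w in lowered]
    found += [f"generic-greeting:{g}" for g in GENERIC_GREETINGS if g in lowered]
    parser = _LinkCollector()
    parser.feed(body)
    for href, shown in parser.links:
        # Visible text looks like a URL but the href points at a different host.
        shown_host = urlparse(shown).hostname if shown.startswith("http") else None
        if shown_host and shown_host != urlparse(href).hostname:
            found.append(f"link-mismatch:{shown_host}->{urlparse(href).hostname}")
    return found
```

Heuristics like these flag messages for review; they do not replace the judgement of a trained recipient or a mail gateway's reputation checks.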
Google also recommends that its users complete a Google ‘Security Check-up’, and that G Suite Enterprise and G Suite Enterprise for Education users enable Google’s security sandbox.
Since the beginning of the COVID-19 outbreak and the subsequent need for businesses and organisations to have their employees work from home, cybercriminals have seen the whole situation as a big opportunity to exploit the uncertainty, heightened emotions, and physical division of workforces.
Now more than ever, therefore, we should all exercise caution when we receive emails from unknown or unusual sources and remember that government agencies and financial institutions don’t send out emails asking for personal and financial information and that any requests for funds or other even slightly unusual requests that appear to come from within the company need to be checked for authenticity.
Companies need to alert employees, many of whom may soon be working from home (if not already) and may have a reduced ability to quickly ask the boss or manager about certain emails, to the threat of phishing emails with a COVID-19 theme and to the threat of social engineering attacks that could take advantage of a physically divided and reduced workforce.