Google says that its free email service Gmail blocks more than 240 million coronavirus-themed spam messages on a daily basis, as cybercriminals are continuing to target individuals and organizations with phishing and malware.
According to Gmail security product manager Neil Kumaran and G Suite/GCP lead security PMM Sam Lugani, the built-in document malware scanner in Gmail blocked 18 million COVID-19-related malware and phishing emails in the last week.
“Our ML models have evolved to understand and filter these threats, and we continue to block more than 99.9% of spam, phishing, and malware from reaching our users,” they claimed.
Taking advantage of the rise in remote work and fear of COVID-19, cybercriminals are using phishing and other scam techniques to trick users into clicking malicious email links or downloading malicious attachments.
Google provided some examples of phishing and scam techniques in which cybercriminals attempt to:
- Impersonate authoritative government organizations like the World Health Organization (WHO) to solicit fraudulent donations or distribute malware.
- Phish employees operating in a work-from-home setting.
- Capitalize on government stimulus packages and imitate government institutions to phish small businesses.
- Target organizations impacted by stay-at-home orders.
Earlier this month, the international police organization Interpol issued a purple notice alerting all of its associated national central bureaus in 194 countries to the increasing activity of cybercriminals during the pandemic.
Microsoft also shared threat intelligence on COVID-19-themed attacks, in which it says, “the trendy and pervasive Trickbot and Emotet malware families are very active and rebranding their lures to take advantage of the outbreak. We have observed 76 threat variants to date globally using COVID-19 themed lures”.
Its anti-phishing and anti-malware component, SmartScreen, is detecting more than 18,000 malicious COVID-19-themed URLs and IP addresses in a single day.
To safeguard against such lures and attacks, Google recommended best practices for organizations and users:
- Complete a Security Checkup to improve account security
- Avoid downloading files you do not recognize; instead, use Gmail’s built-in document preview
- Check the integrity of URLs before providing login credentials or clicking a link—fake URLs generally imitate real URLs and include additional words or domains
- Avoid and report phishing emails