Google Sees Massive Uptick In COVID-19 Phishing Emails, Here's How To Protect Yourself

As we have said before, these are challenging times as we all adapt to the reality of a deadly virus and keep our distance from one another to slow its spread. Making matters worse, nefarious actors are pouncing on the opportunity to spread malware. This means you need to be extra cautious about falling for a phishing scam.

It's a numbers game for malware authors. Google shared some interesting stats, saying Gmail weeds out and blocks more than 100 million phishing emails every day. During the past week, Google says it saw 18 million daily malware and phishing emails related to COVID-19.

"This is in addition to more than 240 million COVID-related daily spam messages. Our ML [machine learning] models have evolved to understand and filter these threats, and we continue to block more than 99.9 percent of spam, phishing, and malware from reaching our users," Google stated in a blog post.

The COVID-19 phishing emails Google has observed primarily use both fear and financial incentives to hook their victims. One way this happens is by spoofing government organizations like the World Health Organization (WHO) to solicit fraudulent donations or distribute malware, Google says. The company is also seeing an increased focus on targeting employees working at home.

Phishing Email
Source: Google

You should also be wary of phishing emails purporting to gather information so that the US government can process a stimulus check, such as shown in the screenshot above. Of course, these are just some examples.

Google is adapting to the changing situation by proactively monitoring for COVID-19 related malware and bolstering its Safe Browsing API. Still, people need to be diligent. Google recommends that organizations and home users alike follow these guidelines:
  • Complete a Security Checkup to improve your account security
  • Avoid downloading files that you don’t recognize; instead, use Gmail’s built-in document preview
  • Check the integrity of URLs before providing login credentials or clicking a link—fake URLs generally imitate real URLs and include additional words or domains
  • Avoid and report phishing emails
  • Consider enrolling in Google’s Advanced Protection Program (APP)—we’ve yet to see anyone that participates in the program be successfully phished, even if they’re repeatedly targeted
Users should also get in the habit of typing URLs directly into the address bar, rather than clicking on hyperlinks willy-nilly. This ties into Google's recommendation to check the integrity of URLs before clicking or providing login credentials.
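
The URL check Google recommends can be partly automated. The sketch below is an added example, not code from Google or from this article: it compares a link's real host against a short allowlist and flags hosts that merely contain a trusted name. The allowlist, the `check_url` function and the sample URLs in the comments are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the login sites this user actually relies on (constructed for the example).
TRUSTED = {"accounts.google.com", "who.int", "irs.gov"}


def check_url(url, trusted=TRUSTED):
    """Return (verdict, reasons); verdict is 'trusted', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    reasons = []

    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        # In https://accounts.google.com@evil.example/ the real host is evil.example.
        reasons.append("text before '@' hides the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible look-alike characters)")

    # Trusted only on an exact match or a true subdomain of a trusted host.
    if any(host == t or host.endswith("." + t) for t in trusted):
        return ("suspicious" if reasons else "trusted"), reasons

    # A trusted name embedded in some other host is the
    # "additional words or domains" pattern from the guidelines.
    words = host.replace("-", ".").split(".")
    for t in sorted(trusted):
        brand = t.split(".")[-2]  # assumption: two-label domains, e.g. "google"
        if f".{t}." in f".{host}." or brand in words:
            reasons.append(f"imitates {t} but is hosted on {host}")
    return ("suspicious" if reasons else "unknown"), reasons
```

An "unknown" verdict only means the host is not on the allowlist and shows none of these patterns; it is not a statement that the site is safe.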

Stay safe, folks!