Google: We've blocked 126 million COVID-19 phishing scams in the past week

240 million daily virus-themed spams as 'bad actors' feed on people's fear

In the past week, an average of 18 million COVID-19 phishing emails were sent per day via Gmail to unsuspecting marks, according to Google.

"No matter the size of your business, IT teams are facing increased pressure to navigate the challenges of COVID-19," said Neil Kumaran, products manager for Gmail, and Sam Lugani, lead security PMM, G Suite and CP platform, today.

The pair said phishing is still the "most effective method" that scammers deploy to compromise accounts and grab data and resources from businesses. They added that "bad actors" have leapt upon the "uncertainty surrounding the pandemic".

Google said its malware scanner uses deep-learning tech to detect malware on 300 billion attachments each week, and 63 per cent of dodgy docs blocked by Gmail are different from day to day.

Kumaran and Lugani said Google prevents 100 million phishing mails daily from reaching their targets and "during the last week, we saw 18 million daily malware and phishing emails related to COVID-19".

"This is in addition to more than 240 million COVID-related daily spam messages. Our machine learning models have evolved to understand and filter these threats, and we continue to block more than 99.9 per cent of spam, phishing and malware from reaching our end users," they said.

That still means that 258,000 COVID-19-themed spams and phishing emails did in fact land in people's inboxes each day – so while Google has caught the vast majority, there is more work to do to minimise risks further.

The spate of COVID-19 scams was flagged by the UK's National Cyber Security Centre and the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) on 8 April.

In a joint advisory [PDF], NCSC said it has spotted more UK government branded scams related to the disease "than any other subject" and the shift to home working had upped the use of "potentially vulnerable services".

The advisory said criminals were trying to use weaknesses in VPNs, remote-working tools and software to hit the mark: NCSC and CISA "observed actors scanning" for publicly known vulns in Citrix (CVE-2019-19781). One in five public-facing Citrix boxes remained unpatched in February and open to attack. Similar vulnerabilities from Pulse Secure, Fortinet and Palo Alto "continue to be exploited", NCSC said.

"Malicious cyber actors are also seeking to exploit the increased use of popular communications platforms (such as Zoom or Microsoft Teams) by sending phishing emails that include malicious files with names such as 'zoom-us-zoom_##########.exe' and 'microsoft-teams_V#mu#D_##########.exe'." (It said the # represents the various digits reported online.)
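A defender-side check for the two filename patterns quoted above, as an added example that is not from the advisory or this article: it expands each `#` to a single digit (an assumption) and scans a message's attachment names for matches. The function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string

# Filename templates quoted in the advisory; '#' is assumed to be exactly one digit.
TEMPLATES = ["zoom-us-zoom_##########.exe", "microsoft-teams_V#mu#D_##########.exe"]

def template_to_regex(template):
    """Turn a '#'-digit template into a case-insensitive regex."""
    parts = [r"\d" if ch == "#" else re.escape(ch) for ch in template]
    return re.compile("".join(parts), re.IGNORECASE)

LURE_PATTERNS = [template_to_regex(t) for t in TEMPLATES]

def lure_attachments(raw_message):
    """Return attachment filenames in a raw message that match a template."""
    hits = []
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()  # handles quoted and RFC 2231 filenames
        if not name:
            continue
        # Compare only the final path component, ignoring surrounding spaces.
        base = re.split(r"[\\/]", name.strip())[-1]
        if any(p.fullmatch(base) for p in LURE_PATTERNS):
            hits.append(base)
    return hits

# Constructed sample message (addresses and attachment bodies are placeholders).
SAMPLE = """\
From: sender@example.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Zoom-us-zoom_0123456789.exe"

placeholder
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="agenda.pdf"

placeholder
--b1--
"""
```

Calling `lure_attachments(SAMPLE)` flags only the first attachment; a filename match is a triage signal for a mail gateway or inbox sweep, not proof that the file is malicious.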

Zoom has itself come under scrutiny for failings in its security and privacy – the latter policy has been rewritten – following a surge in users of its video-conferencing service.

The German foreign ministry has banned its use, as have the Taiwanese government and the New York school system. The company also misled users with claims about providing end-to-end encryption belied by its ability to access data in transit along the conference call's connection.

Router brand Linksys recently reset all of its customers' Smart Wi-Fi account passwords when it became apparent that attackers had managed to get hold of a load and were redirecting unsuspecting users to COVID-19-related malware.

The guidance dished out by Google today includes basic common-sense hygiene: run a security checkup; don't download stuff you don't recognise; check the integrity of URLs before providing login creds or clicking a link; avoid and report phishing emails; and, unsurprisingly, consider signing up to the Choc Factory's Advanced Protection Programme. ®


Biting the hand that feeds IT © 1998–2022