Coronavirus: Gmail blocks 18 million COVID-19 scam emails daily; lists out best practices
'Every day, Gmail blocks more than 100 million phishing emails. During the last week, we saw 18 million daily malware and phishing emails related to COVID-19,' Google said
Bengaluru: As the world continues its battle against the spread of coronavirus (COVID-19), Google said every day it has been blocking 18 million malware and phishing emails related to the virus.
On Thursday (April 16), in a blog post titled “Protecting businesses against cyber threats during COVID-19 and beyond”, the search engine giant said scam emails related to COVID-19 were being sent on Gmail and that it had blocked 99.9% of spam, phishing, and malware from reaching users.
“Every day, Gmail blocks more than 100 million phishing emails. During the last week, we saw 18 million daily malware and phishing emails related to COVID-19. This is in addition to more than 240 million COVID-related daily spam messages. Our ML models have evolved to understand and filter these threats, and we continue to block more than 99.9% of spam, phishing, and malware from reaching our users,” Google said.
It added, “The phishing attacks and scams we’re seeing use both fear and financial incentives to create urgency to try to prompt users to respond.”
The tech giant cited examples where scammers were impersonating the World Health Organization (WHO) for fraudulent donations.
“Impersonating authoritative government organizations like the World Health Organization (WHO) to solicit fraudulent donations or distribute malware. This includes mechanisms to distribute downloadable files that can install backdoors. In addition to blocking these emails, we worked with the WHO to clarify the importance of an accelerated implementation of DMARC (Domain-based Message Authentication, Reporting, and Conformance) and highlighted the necessity of email authentication to improve security. DMARC makes it harder for bad actors to impersonate the who.int domain, thereby preventing malicious emails from reaching the recipient’s inbox, while making sure legitimate communication gets through,” Google explained, citing an example.
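How a receiving mail server applies a published DMARC policy to a message that spoofs the From domain, shown as an added example that is not from Google's post or this article. The domains, records and authentication results are constructed, and the check is simplified (no Public Suffix List lookup; the `pct` and `sp` tags are ignored).

```python
# Added example: simplified DMARC evaluation on constructed data.
# Simplifications: no Public Suffix List lookup, "pct" and "sp" tags ignored.

def parse_dmarc(record):
    """Parse a DMARC TXT record into a dict of tags; None if it is not usable."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    return tags

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') is approximated here
    as one domain being equal to or a subdomain of the other."""
    a, f = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return a == f
    return a == f or a.endswith("." + f) or f.endswith("." + a)

def dmarc_disposition(from_domain, record, spf, dkim):
    """spf and dkim are (result, authenticated_domain) pairs from the receiver.
    Returns 'pass', or the policy to apply: 'none', 'quarantine', 'reject',
    or 'no-policy' when the domain publishes no valid record."""
    policy = parse_dmarc(record) if record else None
    if policy is None:
        return "no-policy"
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, policy.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, policy.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else policy["p"]

# Constructed sample data (hypothetical domains and records).
FROM = "health-org.example"
ENFORCING = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@health-org.example"
MONITORING = "v=DMARC1; p=none"
# Spoofed mail: SPF passes, but only for the sender's own envelope domain.
SPOOF_SPF, SPOOF_DKIM = ("pass", "bulk-mailer.example"), ("none", "")
# Legitimate mail: DKIM-signed by a subdomain of the From domain.
LEGIT_SPF, LEGIT_DKIM = ("fail", "relay.example"), ("pass", "mail.health-org.example")

if __name__ == "__main__":
    print("spoof, p=reject :", dmarc_disposition(FROM, ENFORCING, SPOOF_SPF, SPOOF_DKIM))
    print("spoof, p=none   :", dmarc_disposition(FROM, MONITORING, SPOOF_SPF, SPOOF_DKIM))
    print("spoof, no record:", dmarc_disposition(FROM, None, SPOOF_SPF, SPOOF_DKIM))
    print("legit, p=reject :", dmarc_disposition(FROM, ENFORCING, LEGIT_SPF, LEGIT_DKIM))
```

The same spoofed message is rejected only under an enforcing policy; with `p=none` or no record the receiver has nothing to enforce, which is why the speed of DMARC rollout matters for an impersonated domain.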
It also showed examples of phishing attempts targeting employees working from home, and of attempts that capitalise on government stimulus packages and imitate government institutions to phish small businesses. Another example was an attempt targeting organisations impacted by stay-at-home orders.
To prevent phishing, Google recommended that users “complete a Security Checkup to improve account security, avoid downloading files that you don’t recognize; instead, use Gmail’s built-in document preview, check the integrity of URLs before providing login credentials or clicking a link — fake URLs generally imitate real URLs and include additional words or domains, avoid and report phishing emails and consider enrolling in Google’s Advanced Protection Program (APP)—we’ve yet to see anyone that participates in the program be successfully phished, even if they’re repeatedly targeted.”