Google is blocking hundreds of millions of daily Covid-19-related spam emails, as cyber-criminals continue to try and cash-in on the pandemic.
In an update yesterday, Gmail security product manager, Neil Kumaran, and G Suite/GCP lead security PMM, Sam Lugani, explained that Gmail is able to stop over 99.9% of spam, phishing, and malware from reaching users.
It’s currently blocking over 240 million Covid-themed spam messages each day, and 18 million malware and phishing emails, they claimed.
The figures highlight the scale of threats piggy-backing on widespread public awareness of and appetite for information about the pandemic.
The phishing emails are using tried-and-tested tactics, leveraging “fear and financial incentives” to trick users into clicking on malicious links, opening booby-trapped attachments, and even donating Bitcoin, Google said.
It cited examples of emails spoofed to come from the World Health Organization (WHO) asking for digital donations, another masquerading as a message from the government about business stimulus packages, and others from ‘employees’ and third parties capitalizing on current working-from-home orders.
Erich Kron, security awareness advocate at KnowBe4, argued that employees are more exposed working from home as they often can’t take advantage of corporate security controls or company-managed devices.
“The best thing organizations can do right now is to ensure that their employees have up-to-date training on how to spot and report phishing emails,” he added. “By reporting these, organizations can have them removed from other mailboxes, limiting the exposure to these attacks within the organization."
However, despite the huge numbers cited by Google, overall cybercrime levels have not increased since the start of the pandemic, according to Microsoft and the National Cyber Security Centre (NCSC). They have argued separately that existing campaigns are merely being rebranded to include Covid-19 lures and themes.
Microsoft claimed that just 60,000 of the millions of daily phishing emails it detects have Covid-19-related malicious attachments or URLs, less than 2% of the total volume of threats the firm tracks each day.