Google stopped millions of malicious coronavirus-related emails from reaching Gmail users in the past week, the company announced in a blog post Thursday.
“During the last week, we saw 18 million daily malware and phishing emails related to COVID-19,” the company said. “This is in addition to more than 240 million COVID-related daily spam messages.”
Google said it blocked the vast majority of those messages, but it warned Gmail users that hackers had been trying to “take advantage of the fear and uncertainty surrounding the pandemic” — often with phishing attempts, which aren’t new but are now custom-tailored to the current situation.
Hackers have tried to exploit Gmail users in a variety of ways, the company said, including impersonating public-health authorities like the World Health Organization to “solicit fraudulent donations or distribute malware” and imitating government agencies to take advantage of businesses awaiting money from the stimulus bill or trying to abide by stay-at-home orders.
Google said it’s working to protect users against the hacking attempts by putting “proactive monitoring in place for COVID-19-related malware and phishing across our systems and workflows.”
The company also recommended that users complete a Security Checkup, avoid downloading files they don’t recognize, use Gmail’s built-in document preview (which can prevent malware from automatically downloading), and double-check whether a link goes to the site it says it does. Gmail users can also report spam or malware emails, which help the email service block similar messages in the future.
Phishing attempts and scams have been on the rise during the pandemic as hackers look to exploit people’s fears surrounding the virus. The Federal Trade Commission said it had received more than 15,000 coronavirus-related consumer complaints of fraud and scams so far in 2020, amounting to $12 million in losses for Americans.
Hackers are also targeting businesses that may be relying on less secure IT infrastructure amid remote-work environments. Cybersecurity researchers at Proofpoint said they had seen a historic high in business email scams exploiting the coronavirus to try to steal information.
“Criminals have sent waves of emails that have ranged from a dozen to over 200,000 at a time, and the number of campaigns is trending upwards,” says Sherrod DeGrippo, the company’s senior director of threat research and detection.