Google: We’ve blocked 126 million COVID-19 phishing scams in the last week

In the past week, an average of 18 million COVID-19 phishing emails were sent per day via Gmail to unsuspecting marks, according to Google.

“No matter the size of your business, IT teams are facing increased pressure to navigate the challenges of COVID-19,” said Neil Kumaran, products manager for Gmail, and Sam Lugani, lead security PMM, G Suite and CP platform, today.

The pair said phishing is still the “most effective method” that scammers deploy to compromise accounts and grab data and resources from businesses. They added that “bad actors” have leapt upon the “uncertainty surrounding the pandemic”.

Google said its malware scanner uses deep-learning tech to detect malware on 300 billion attachments each week, and 63 per cent of dodgy docs blocked by Gmail are different from day to day.

Kumaran and Lugani said Google prevents 100 million phishing mails daily from reaching their targets and “during the last week, we saw 18 million daily malware and phishing emails related to COVID-19”.

“This is in addition to more than 240 million COVID-related daily spam messages. Our machine learning models have evolved to understand and filter these threats, and we continue to block more than 99.9 per cent of spam, phishing and malware from reaching our end users,” they said.

That still means that 258,000 COVID-19 themed spams and phishing emails did in fact land in people’s inboxes each day – so while Google has caught the vast majority there is more work to do to minimise risks further.

The spate of COVID-19 scams was flagged by the UK’s National Cyber Security Centre and the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) on 8 April.


In a joint advisory [PDF], NCSC said it has spotted more UK government branded scams related to the disease “than any other subject” and the shift to home working had upped the use of “potentially vulnerable services”.

The advisory said criminals were trying to use weaknesses in VPNs, remote-working tools and software to hit the mark: NCSC and CISA “observed actors scanning” for publicly known vulns in Citrix (CVE-2019-19781). One in five public-facing Citrix boxes remained unpatched in February and open to attack. Similar vulnerabilities from Pulse Secure, Fortinet and Palo Alto “continue to be exploited”, NCSC said.

“Malicious cyber actors are also seeking to exploit the increased use of popular communications platforms (such as Zoom or Microsoft Teams) by sending phishing emails that include malicious files with names such as ‘zoom-us-zoom_##########.exe’ and ‘microsoft-teams_V#mu#D_##########.exe’.” (It said the # represents the various digits reported online.)
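For mail admins who want to check gateway logs against those two filename templates, here is an added example (not code from the advisory, Google or this article). It assumes each run of # stands for one or more digits, since the advisory gives no exact lengths, and the gateway records are constructed sample data.

```python
import re
import unicodedata

# Filename templates quoted in the advisory; '#' stands for a digit.
ADVISORY_TEMPLATES = [
    "zoom-us-zoom_##########.exe",
    "microsoft-teams_V#mu#D_##########.exe",
]

def template_to_regex(template):
    """Turn a '#'-placeholder template into a case-insensitive regex.

    Assumption: each run of '#' matches one or more digits.
    """
    parts = re.split(r"(#+)", template)
    body = "".join(r"\d+" if p.startswith("#") else re.escape(p) for p in parts)
    return re.compile(body, re.IGNORECASE)

PATTERNS = [template_to_regex(t) for t in ADVISORY_TEMPLATES]

def normalise(name):
    """Reduce an attachment name to the form Windows would open."""
    name = unicodedata.normalize("NFKC", name)  # fold look-alike width variants
    name = re.split(r"[\\/]", name)[-1]         # drop any directory part
    return name.rstrip(" .")                    # Windows ignores trailing dots/spaces

def flag_attachments(records):
    """Return (message_id, filename) pairs whose name fits an advisory template."""
    hits = []
    for msg_id, filenames in records:
        for raw in filenames:
            if any(p.fullmatch(normalise(raw)) for p in PATTERNS):
                hits.append((msg_id, raw))
    return hits

# Constructed sample gateway records: (message id, attachment names).
SAMPLE = [
    ("m1", ["agenda.pdf"]),
    ("m2", ["zoom-us-zoom_1234567890.exe"]),
    ("m3", ["tmp/Microsoft-Teams_V3mu7D_0987654321.EXE "]),
    ("m4", ["zoom-us-zoom_installer.exe", "microsoft-teams_VXmuYD_1.exe"]),
]

if __name__ == "__main__":
    for hit in flag_attachments(SAMPLE):
        print(hit)
```

A name match is only a triage signal: a renamed file evades it, so it complements rather than replaces content scanning.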

Zoom has itself come under scrutiny for failings in its security and privacy – the latter policy has been rewritten – following a surge in users of its video-conferencing service.

The German foreign ministry has banned its use, as have the Taiwanese government and the New York school system. The company also misled users with claims about providing end-to-end encryption belied by its ability to access data in transit along the conference call’s connection.

Router brand Linksys recently reset all of its customers’ Smart Wi-Fi account passwords when it became apparent that attackers had managed to get hold of a load and were redirecting unsuspecting users to COVID-19-related malware.

The guidance dished out by Google today includes basic common-sense hygiene: run a security checkup; don’t download stuff you don’t recognise; check the integrity of URLs before providing login creds or clicking a link; avoid and report phishing emails; and, unsurprisingly, consider signing up to the Choc Factory’s Advanced Protection Programme. ®
