Google says it saw more than 18 million daily malware and phishing emails related to COVID-19 scams just in the past week. That’s on top of the more than 240 million daily spam messages it sees related to the novel coronavirus, the company says.
The phishing attacks and scams “use both fear and financial incentives to create urgency to try to prompt users to respond,” Google says. In other words, same email scam, different subject line.
These scams include impersonating government organizations like the World Health Organization to try to solicit donations or trick users into downloading malware; pretending to have information about government stimulus payments; and phishing attempts aimed at workers who are working remotely. This scammer pretends to be affiliated with the recipient’s employer:
Google say its artificial intelligence-powered protections filter such threats, and that it blocks “more than 99.9 percent of spam, phishing, and malware from reaching our users” using AI and other techniques. The company also says it worked with WHO on implementing DMARC (Domain-based Message Authentication, Reporting, and Conformance) to make it more difficult for scammers to impersonate the who.int domain and prevent legitimate emails from the WHO from being caught in spam filters.
The company says in many cases the malware and phishing threats aren’t new but just existing malware campaigns updated to exploit fear and confusion around COVID-19. The usual cautions apply: don’t click links in emails you weren’t expecting, report phishing emails, and make sure a URL is legitimate before providing any information, since most scammers try to closely approximate real URLs.