Cybersecurity News

Google Blocks 18M Daily COVID-19-Related Phishing Emails

Hackers are continuing to use the COVID-19 pandemic to target users, with Google blocking 18 million phishing emails related to the Coronavirus last week.

phishing email cybersecurity employee security education email security COVID-19 fraud schemes Coronavirus

By Jessica Davis

- Google detected and blocked more than 18 million malware and phishing emails and 240 million daily spam messages related to the COVID-19 pandemic last week,. In total, the tech giant blocks more than 100 million phishing emails each day.

The report follows multiple alerts on the growing cybersecurity threats posed by the pandemic. The FBI has seen a spike in business email compromise schemes targeting the COVID-19 supply procurement of personal protective equipment and an increase in hijacking attempts of Zoom and other videoconferencing platforms.

Meanwhile, RiskIQ reports hackers are targeting small providers and hospitals with ransomware due to the increased likelihood that they’ll pay the ransom demand, while the Department of Homeland Security and others have reported a drastic increase in COVID-19 fraud schemes and ransomware.

Using machine learning models, Google has been able to block more than 99.9 percent of spam, malware, and phishing attempts from reaching the email inbox. But hackers are preying on fear and financial incentives to entice users to respond.

“No matter the size of your business, IT teams are facing increased pressure to navigate the challenges of COVID-19,” Google researchers wrote. “At the same time, some things remain constant: Security is at the top of the priority list, and phishing is still one of the most effective methods that attackers use to compromise accounts and gain access to company data and resources.”

“In fact, bad actors are creating new attacks and scams every day that attempt to take advantage of the fear and uncertainty surrounding the pandemic,” they added.

Mirroring recent research, Google has seen these campaigns impersonate the World Health Organization to solicit fraud or distribute malware, including downloadable files able to install backdoors.

Google worked with WHO to stress the need for an accelerated implementation of Domain-based Message Authentication, Reporting, and Conformance (D-MARC) and the need for email authentication.

Hackers are also targeting the remote environment, given the majority of the country’s workforce is now working from home, along with imitating government institutions to phish small businesses.

Microsoft recently noted that Trickbot is the most prolific malware operation leveraging COVID-19 lures. Trickbot is known to later drop ransomware payloads in its attack chain.

“These tools have been custom-built and evolved into terrible machines for mass infection of organizational networks, be it huge hospital or small local practice,” Malwarebytes wrote in an earlier report.

The latest campaign was spotted in the wild using hundreds of “unique macro-laced document attachments” in messages offering free COVID-19 tests.

In response, Google provided some best practice recommendations for organizations and users focused on malware and phishing. To start, organizations should complete a security checkup to improve their email account security, while reminding users to avoid downloading files from unknown accounts.

URL integrity should be verified before a user considers providing login credentials or clicking a link within the body of the email.

A JAMA study showed phishing education can drastically reduce the risk to the healthcare environment, while numerous security researchers have provided actionable steps and necessary tools for securing the remote environment and telehealth platforms during the COVID-19 pandemic.

Most recently, the American Medical Association and the American Hospital Association released joint telework privacy and security guidance for hospitals and providers.