Gmail blocked over 18 million COVID-19 related malware and phishing emails last week in addition to more than 240 million COVID-19 related daily spam messages, Google has announced.
In a blog post published Friday, Neil Kumaran, Product Manager for Gmail Security, spoke about how cyber criminals have been targeting Internet users worldwide with widespread phishing campaigns centred around the COVID-19 outbreak.
To further protect Gmail users from these phishing attacks, Kumaran said that multiple COVID-19-related phishing and malware threats are being blocked by Gmail every single day. He also shared steps for administrators to effectively deal with these attacks and the best practices for users to avoid such threats.
“Every day, Gmail blocks more than 100 million phishing emails. During the last week, we saw 18 million daily malware and phishing emails related to COVID-19. This is in addition to more than 240 million COVID-related daily spam messages. Our ML models have evolved to understand and filter these threats, and we continue to block more than 99.9% of spam, phishing, and malware from reaching our users,” he said.
According to Google, Gmail has so far identified phishing attacks where the threat actors have attempted to:
- Impersonate authoritative government organizations like the World Health Organization (WHO) to solicit fraudulent donations or distribute malware fraudulent donations or distribute malware.
- Phish employees operating in a work-from-home setting.
- Capitalise on government stimulus packages and imitates government institutions to phish small businesses.
- Target organizations impacted by stay-at-home orders.
Google also announced that it has provisions in place to monitor COVID-19-related malware and phishing threats across its systems and workflows. “In many cases, these threats are not new—rather, they’re existing malware campaigns that have simply been updated to exploit the heightened attention on COVID-19,” Kumaran added.
G-Suite solutions armed with advanced phishing controls to protect millions of users
As soon as a threat is identified, Google adds it to the Safe Browsing API that protects users in Gmail, Chrome and all other integrated products. “Safe Browsing helps protect over four billion devices every day by showing warnings to users when they attempt to navigate to dangerous sites or download dangerous files.”
In G-Suite, advanced phishing and malware controls are activated by default and this encsures that G-Suite users are safe from these phishing and malware threats. These controls can:
- Route emails that match phishing and malware controls to a new or existing quarantine.
- Identify emails with unusual attachment types and choose to automatically display a warning banner, send them to spam, or quarantine the messages
- Identify unauthenticated emails trying to spoof your domain and automatically display a warning banner, send them to spam, or quarantine the messages
- Protect against documents that contain malicious scripts that can harm your devices
- Protect against attachment file types that are uncommon for your domain
- Scan linked images and identify links behind shortened URLs
- Protect against messages where the sender's name is a name in your G Suite directory, but the email isn't from your company domain or domain aliases
Google has further shared some best practices that users can follow in order to mitigate these threats. As per the company, Internet users can take the following precautions:
- Complete a Security Checkup to improve your account security.
- Avoid downloading files that you don’t recognize; instead, use Gmail’s built-in document preview.
- Check the integrity of URLs before providing login credentials or clicking a link—fake URLs generally imitate real URLs and include additional words or domains.
- Avoid and report phishing emails.
- Consider enrolling in Google’s Advanced Protection Program (APP).
Commenting on the scale at which Gmail has been blocking malware and phishing emails, Erich Kron, Security Awareness Advocate at KnowBe4, told TEISS that the fact that 18 million COVID-19-related emails are blocked each day just by Google is a sign of just how prolific these attacks are.
"In these times of high stress and change, cybercriminals know that humans are more vulnerable than ever to phishing and smishing attacks and are doing their best to capitalise on this. It is common for this type of thing to occur whenever there is a natural or a man-made event that draws significant news coverage, but the bad actors will use that to their advantage.
"Because people are working from home and often miss out on the security benefits of corporate networks and organisation-managed devices, the bad guys know that many of the technical controls that can save people are now missing.
"The best thing organisations can do right now is to ensure that their employees have up-to-date training on how to spot and report phishing emails to their organisation. By reporting these, organisations can have them removed from other mailboxes, limiting the exposure to these attacks within the organisation," he said.