Google said they noticed 18 million spam malware emails every day related to Coronavirus Coivd19 last week, revealed how bad marketers are working at this time to target all people working from home and facing restrictions due to the pandemic. In a blog post, Google said that it’s in addition to more than 240 million coronavirus related daily spam messages.
Google even said that they continue to block more than 99.9 percent of spam, malware and phishing emails from reaching to its end users as the company’s system has learning models that evolved to understand and filter these types of threats. The phishing attacks and spam emails which Google is noticing every day, they use both financial incentives as well as fear to create urgency in the user mind, so that the end-user will respond quickly to that email.
As you can see below screenshot which is an example of one spam mail, how the scammers are impersonating govt. organizations like the World Health Organization (WHO) where they ask for donations to help the cause.
Even this kind of mails includes distributing downloadable files that can install backdoors. “In addition to blocking all these emails, we even worked with the World Health Organisation to clarify the importance of accelerated implementation of Domain-based Message Authentication, Reporting, and Conformance (DMARC) and they highlighted the necessity of these emails authentication to improve the security. Neil Kumaran, Gmail Security Product Manager, and Sam Lugani, Lead Security PMM, G Suite & GCP – wrote this in the blog post.
“DMARC makes it harder for bad marketers to impersonate where it preventing malicious spammed emails from reaching the individuals inbox, while making sure legitimate communication gets through.
Sometimes scammers even attempt to capitalise on govt support packages and imitate govt institutions. Scammers use all authorised names in spamy emails like UK govt, US officials, the Centre for Disease Control & Prevention, and the World Health Organisation.
They put proactive monitoring system in place for coronavirus related phishing and malware across its all model and workflows. In most of the cases, these types of threats are not new, they are existing spammed campaigns which have simply been updated to exploit the heightened attention on coronavirus, Google said.
For some best practices, Google appealed people should avoid downloading all files which they do not recognize. Also recommended to check the URLs properly before giving any login credentials to someone or clicking any link to confirm. Majorly fake URLs seems real only just by adding some extra alphabets in real URL, so cross-check once before any further action.