Home > News > Top Stories > Over 18 Million Covid-19 Malware and Phishing Emails Blocked by Google

Over 18 Million Covid-19 Malware and Phishing Emails Blocked by Google

  • Google says it has blocked 18 million daily malware and phishing emails related to COVID-19 over the past week.

  • Majority of malware and phishing emails involve impersonation.

  • This includes implementing multi-factor authentication methods that require people to prove their identity using two or more verification methods.


Google says it has blocked 18 million daily malware and phishing emails related to COVID-19 over the past week. The search giant also says it has encountered over 240 million daily spam messages related to the novel coronavirus. On a typical day, Google blocks over 100 million phishing messages daily. According to Google, the cybercriminals use both fear and financial incentives to create urgency to prompt users to respond.

Google says that the majority of malware and phishing emails involve impersonating government organizations such as the World Health Organization. Some of the coronavirus-related malware and phishing emails solicit fraudulent donations for various causes. In contrast, malware tricks attempt to deceive users into downloading files laced with malware on their devices. Other phishing attempts claim to possess information about the government stimulus packages for individuals and small businesses. Phishing scams targeting remote workers purport to be the recipient’s employer.

“The fact that 18 million Covid-19-related emails are blocked each day just by Google is a sign of just how prolific these attacks are,” Kron says. “In these times of high stress and change.

~ Erich Kron Cybersecurity Keynote Speaker


Learn more: PHISHING KITS BECOME “BESTSELLER” IN THE UNDERGROUND MARKET: RESEARCH
 

He added that criminals are aware of the system vulnerabilities arising from employees working at home away from secure corporate networks.
 

“The best thing organizations can do right now is to ensure that their employees have up-to-date training on how to spot and report phishing emails to their organization”.

~ LaSala, Director of Security Solutions


The search giant notes that most of the malware and phishing emails are not new but are existing campaigns updated to exploit the panic and curiosity caused by the current pandemic. The company adds that its machine learning AI algorithm can block 99.9% of spam phishing and malware from reaching its users. Google is also working on other techniques, such as implementing the Domain-based Message Authentication, Reporting, and Conformance (DMARC), to prevent fraudsters from impersonating the www.who.int domain. This method will also prevent WHO messages from accidentally being filtered out as spam due to the frequency of similar fraudulent messages.

Google advises people to avoid downloading files from untrusted users. Additionally, the search giant recommends using its email preview inbuilt tool to view documents before downloading. However, some experts have been critical of Google’s response to malware and phishing emails threats. Colin Bastable, CEO of security awareness training company Lucy Security says Google allows scammers to associate Gmail accounts with phishing links while virtue-signaling its users about security.

Learn more: WORK FROM HOME: CYBER SECURITY DURING COVID-19
 

Spotlight

More featured news

Spotlight

Related News

Data Security

GuidePoint Security Announces Portfolio of Data Security Governance Services

GuidePoint Security | January 30, 2024

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, today announced the availability of its Data Security Governance services, which are designed to help customers address the challenges of unstructured data and data sprawl through a proven process and program to meet their unique needs. GuidePoint’s Data Security Governance services consist of policies, standards, and processes leveraging the newest technologies to meet organizations’ data governance goals in both on-prem and cloud environments. Once the right strategy is determined with the customer, GuidePoint Security consultants will review program requirements, assess current policies and controls, perform gap analysis, design and develop/enhance the program, recommend and implement supporting technologies, and create operational processes and metrics. “Whether an organization is just beginning to build their data security governance program or needs help assessing and improving an existing program, our team and service capabilities are built to meet them at their current maturity level,” said Scott Griswold, Practice Director - Security Governance Services, GuidePoint Security. “We work side by side with the customer to conduct the necessary data discovery in their environment and provide tailored recommendations for solutions and processes to ultimately build/improve upon the data security governance program.” GuidePoint’s Data Security Governance Services include: Sensitive Data Cataloging: For organizations just getting started in the process of protecting their sensitive data, GuidePoint offers Data Identification workshops to identify sensitive data types in the environment, including trade secrets, intellectual property, and sensitive business communications. Data Security Governance Program Assessment: For organizations with existing Data Security Governance or Data Protection programs, GuidePoint Security experts will assess the program to identify policy non-compliance, gaps in data protection requirements—whether legal, regulatory, contractual, or business—and program maturity levels. Data Security Governance Program Strategy Development: The GuidePoint team will work with an organization's key stakeholders to design a program strategy aligned with relevant requirements. The outputs of this effort include delivering ongoing sensitive data discovery, automated classification and labeling, the application of required sensitive data protections, restrictions on where sensitive data can be stored and sent, and data retention policy enforcement. Merger and Acquisition Data Identification: This offering provides the ability to identify sensitive data within an M&A target or recent acquisition (including locations, amounts, and access rights) and then perform penetration testing on the storage repositories where that sensitive data exists to determine the risk of data compromise. About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk. Learn more at www.guidepointsecurity.com.

Read More

Data Security

GuidePoint Security Announces Portfolio of Data Security Governance Services

GuidePoint Security | January 30, 2024

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, today announced the availability of its Data Security Governance services, which are designed to help customers address the challenges of unstructured data and data sprawl through a proven process and program to meet their unique needs. GuidePoint’s Data Security Governance services consist of policies, standards, and processes leveraging the newest technologies to meet organizations’ data governance goals in both on-prem and cloud environments. Once the right strategy is determined with the customer, GuidePoint Security consultants will review program requirements, assess current policies and controls, perform gap analysis, design and develop/enhance the program, recommend and implement supporting technologies, and create operational processes and metrics. “Whether an organization is just beginning to build their data security governance program or needs help assessing and improving an existing program, our team and service capabilities are built to meet them at their current maturity level,” said Scott Griswold, Practice Director - Security Governance Services, GuidePoint Security. “We work side by side with the customer to conduct the necessary data discovery in their environment and provide tailored recommendations for solutions and processes to ultimately build/improve upon the data security governance program.” GuidePoint’s Data Security Governance Services include: Sensitive Data Cataloging: For organizations just getting started in the process of protecting their sensitive data, GuidePoint offers Data Identification workshops to identify sensitive data types in the environment, including trade secrets, intellectual property, and sensitive business communications. Data Security Governance Program Assessment: For organizations with existing Data Security Governance or Data Protection programs, GuidePoint Security experts will assess the program to identify policy non-compliance, gaps in data protection requirements—whether legal, regulatory, contractual, or business—and program maturity levels. Data Security Governance Program Strategy Development: The GuidePoint team will work with an organization's key stakeholders to design a program strategy aligned with relevant requirements. The outputs of this effort include delivering ongoing sensitive data discovery, automated classification and labeling, the application of required sensitive data protections, restrictions on where sensitive data can be stored and sent, and data retention policy enforcement. Merger and Acquisition Data Identification: This offering provides the ability to identify sensitive data within an M&A target or recent acquisition (including locations, amounts, and access rights) and then perform penetration testing on the storage repositories where that sensitive data exists to determine the risk of data compromise. About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk. Learn more at www.guidepointsecurity.com.

Read More

More featured news