Over the past week, Google has observed more than 18 million malware and phishing emails related to COVID-19 being sent out every day.
Additionally, the Internet giant is seeing over 240 million COVID-19-related daily spam messages. On a daily basis, Gmail blocks 100 million phishing emails.
Last week, Microsoft said it saw around 60,000 daily phishing emails carrying COVID-19 lures, but that they represented less than 2% of the total phishing attempts.
Multiple threat actors have adopted the current COVID-19 pandemic as a theme for email attacks, in an attempt to trick users into revealing credentials, installing malware, or sending money to attacker-controlled accounts.
“The phishing attacks and scams we’re seeing use both fear and financial incentives to create urgency to try to prompt users to respond,” Google says.
Some of the attacks observed by the company attempt to impersonate authoritative government organizations like the World Health Organization (WHO) to ask for fraudulent donations or to distribute malware.
Other malicious emails target employees operating in a work-from-home setting, or attempt to phish small businesses by making reference to government stimulus packages and imitating government institutions.
Google said it “put proactive monitoring in place for COVID-19-related malware and phishing,” while also noting that most of these threats are not new, but rather updated to fit the current trend.
“As soon as we identify a threat, we add it to the Safe Browsing API, which protects users in Chrome, Gmail, and all other integrated products. Safe Browsing helps protect over four billion devices every day by showing warnings to users when they attempt to navigate to dangerous sites or download dangerous files,” the Internet giant says.
Related: COVID-19 Lures Only a Fraction of Daily Phishing Emails
Related: Corporate Workers Warned of ‘COVID-19 Payment’ Emails Delivering Banking Trojan
Related: Syrian Hackers Target Mobile Users With COVID-19 Lures
More from Ionut Arghire
- TransUnion Denies Breach After Hacker Publishes Allegedly Stolen Data
- Legit Security Raises $40 Million in Series B Financing
- Atlassian Security Updates Patch High-Severity Vulnerabilities
- Critical Infrastructure Organizations Warned of Snatch Ransomware Attacks
- Tor-Based Drug Marketplace Piilopuoti Shut Down by Law Enforcement
- Discern Security Emerges From Stealth Mode With $3 Million in Funding
- DHS Publishes New Recommendations on Cyber Incident Reporting
- GitLab Patches Critical Pipeline Execution Vulnerability
Latest News
- SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
- Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones
- New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware
- Every Network Is Now an OT Network. Can Your Security Keep Up?
- Navigating the Digital Frontier in Cybersecurity Awareness Month 2023
- TransUnion Denies Breach After Hacker Publishes Allegedly Stolen Data
- Legit Security Raises $40 Million in Series B Financing
- Cisco to Acquire Splunk for $28 Billion
