Over the past week, Google has observed more than 18 million malware and phishing emails related to COVID-19 being sent out every day.
Additionally, the Internet giant is seeing over 240 million COVID-19-related daily spam messages. On a daily basis, Gmail blocks 100 million phishing emails.
Last week, Microsoft said it saw around 60,000 daily phishing emails carrying COVID-19 lures, but that they represented less than 2% of the total phishing attempts.
Multiple threat actors have adopted the current COVID-19 pandemic as a theme for email attacks, in an attempt to trick users into revealing credentials, installing malware, or sending money to attacker-controlled accounts.
“The phishing attacks and scams we’re seeing use both fear and financial incentives to create urgency to try to prompt users to respond,” Google says.
Some of the attacks observed by the company attempt to impersonate authoritative government organizations like the World Health Organization (WHO) to ask for fraudulent donations or to distribute malware.
Other malicious emails target employees operating in a work-from-home setting, or attempt to phish small businesses by making reference to government stimulus packages and imitating government institutions.
Google said it “put proactive monitoring in place for COVID-19-related malware and phishing,” while also noting that most of these threats are not new, but rather updated to fit the current trend.
“As soon as we identify a threat, we add it to the Safe Browsing API, which protects users in Chrome, Gmail, and all other integrated products. Safe Browsing helps protect over four billion devices every day by showing warnings to users when they attempt to navigate to dangerous sites or download dangerous files,” the Internet giant says.