Google says it blocks 18 million COVID-19 related scam emails each day
The COVID-19 pandemic has paved the way for a flood of cybersecurity threats, including email-based phishing and malware threats. Google reported this week that it is currently blocking 18 million emails per day targeting its Gmail users.
WHY IT MATTERS
Google also says it is using sophisticated machine-learning technology to track more than 240 million COVID-related daily spam messages, which use a mix of fear and financial incentives to create urgency to prompt users to respond.
In a blog post from Neil Kumaran, product manager for Gmail Security, and Sam Lugani, lead security PMM for the G Suite and GCP platforms, the Google execs shared some steps for admins to effectively deal with the rising tide of spam emails, and detailing best practices for users to avoid threats.
For example, one highlighted email attempts to capitalize on government stimulus packages by imitating government institutions to phish small businesses, while others impersonate authoritative government organizations like the World Health Organization to solicit fraudulent donations or distribute malware.
Still other emails tailor their messages toward organizations that have been impacted by shelter-in-place orders, or at employees navigating the new normal of working from home.
Among the best practices to deal with potential phishing and malware-based emails, Google recommends users check the integrity of URLs before providing login credentials or clicking a link and using Gmail's built-in document preview to avoid downloading unrecognized files.
The company said it is also continuously monitoring and updating COVID-19-related malware and phishing threats, noting many of these threats are pre-existing and have simply been updated to take advantage of the pandemic.
THE LARGER TREND
In February, Google added a new generation of document scanners that rely on deep learning to improve spam, phishing and malware-detection capabilities.
The announcement comes as healthcare organizations – already one of the most targeted industries for cyber attacks – are under increasing security strains during the coronavirus public health emergency.
Toward that end, the AMA and the AHA partnered this week on COVID-19 cyber threats guidance for hospitals and physicians, including recommendations regarding VPNs and cloud-based services, coronavirus-themed phishing emails, telehealth deployments, and medical-device security.
Earlier this week, Microsoft announced it is extending its AccountGuard service to healthcare organizations for the duration of the COVID-19 outbreak, and the WHO said it has seen attempted cyber attacks double since the onset of the crisis.
Also this week, Dan Costantino, Chief Information Security Officer at Penn Medicine, offered some useful best practices for helping clinical and operational teams weather the cybersecurity threats as they fight back against a pandemic.
ON THE RECORD
"IT teams are facing increased pressure to navigate the challenges of COVID-19," said Kumaran and Lugani in the blog post. "Security is at the top of the priority list, and phishing is still one of the most effective methods that attackers use to compromise accounts and gain access to company data and resources. In fact, bad actors are creating new attacks and scams every day that attempt to take advantage of the fear and uncertainty surrounding the pandemic.
"At Google Cloud, we’re committed to protecting our customers from security threats of all types," they added. "We’ll keep innovating to make our security tools more helpful for users and admins and more difficult for malicious actors to circumvent."