Google on Wednesday revealed that it has detected 18 million malware and phishing Gmail messages per day related to COVID-19, in addition to more than 240 million COVID-related daily spam messages.Google's Threat Analysis Group (TAG) identified over a dozen government-backed attacker groups using COVID-19 themes as lure for phishing and malware attempts — trying to get their targets to click malicious links and download files.
"Our machine learning models have evolved to understand and filter these threats, and we continue to block more than 99.9 percent of spam, phishing and malware from reaching our users," said Shane Huntley from Threat Analysis Group.
The TAG team also found new, COVID-19-specific targeting of international health organizations, including activity that corroborates reporting in Reuters earlier this month and is consistent with the threat actor group often referred to as Charming Kitten.The team has seen similar activity from a South American actor, known externally as Packrat, with emails that linked to a domain spoofing the World Health Organization's login page.
"We're proactively adding extra security protections, such as higher thresholds for Google Account sign in and recovery, to more than 50,000 of such high-risk accounts," said Google.
TAG is a specialized team of security experts that works to identify, report, and stop government-backed phishing and hacking against Google and the people who use its products.One notable campaign attempted to target personal accounts of US government employees with phishing lures using American fast food franchises and COVID-19 messaging.
Some messages offered free meals and coupons in response to COVID-19 while others suggested recipients visit sites disguised as online ordering and delivery options.Once people clicked on the emails, they were presented with phishing pages designed to trick them into providing their Google account credentials.
"The vast majority of these messages were sent to spam without any user ever seeing them, and we were able to preemptively block the domains using Safe Browsing," said Google.
The tech giant said that as the world continues to respond to COVID-19, it expects to see new lures and schemes.