Coronavirus confusion is proving to be rich pickings for scammers, with Google revealing just how much COVID-19 related spam it’s currently catching in its Gmail filters. Warnings around potential scams and phishing attacks using the current pandemic as a hook have circulated almost since coronavirus was first identified, with unscrupulous attackers counting on an appetite for up to date information to deliver too-trusting clicks.
Gmail’s spam filter is responsible for blocking more than 100 million phishing emails each day, Google said. Over the past week, 18 million malware and phishing emails related to COVID-19 were trapped every day. “This is in addition to more than 240 million COVID-related daily spam messages,” Google says.
While many spam messages seem comically simple, whether that be because of outlandish and unbelievable claims, or poor spelling and jumbled language, the reality is that some people will inevitably be taken in. Google has given some examples of the sort of scams it’s seeing bump up against its filters, and as you’d expect they tap into reader-recognition of trustworthy names like the World Health Organization (WHO).
One such message, for example, claims to be from the WHO and solicits donations to help its work fighting coronavirus. It gives a bitcoin address to donate to, taking advantage of the fact that cryptocurrency transfers can be difficult to track or reverse.
Other phishing attempts try to use newly working-from-home policies many companies have enacted to fool employees into clicking on links or attachments. In Google’s example, a message from the “Admin Department” claims to need the reader to click a link in order to confirm payroll benefits. Similar messages purport to be from the government, tapping into concerns about receiving the stimulus package payment or getting small business loans.
It’s not just email scams which have multiplied to take advantage of people desperate for information – and for a coronavirus cure. The FDA has been on the warpath recently, targeting vendors of fake cures and treatments for COVID-19. That’s included products like teas, essential oils, tinctures, and colloidal silver, none of which have any medical use in addressing coronavirus infection, but which have been pitched as such all the same.
If the filters do what they’re meant to, most people will never see most of these messages unless they actively go looking through their spam folder. Still, the advice remains the same for safe browsing: don’t click on links haphazardly, avoid downloading files you don’t recognize, and examine URLs to make sure they’re exactly correct.
Google also says that enrolling in its Advanced Protection Program (APP) is also a safer option. Originally designed to deliver extra security for those at heightened risk of hacking and phishing, such as journalists, it comes with some limitations around functionality but also promises much better protection as a result. According to Google, “we’ve yet to see anyone that participates in the program be successfully phished, even if they’re repeatedly targeted.’