Google is warning the public to stay on guard against COVID-19 emails that actually contain malware. Last week, the company’s Gmail service blocked about 18 million malware and phishing emails per day.
“This is in addition to more than 240 million COVID-related daily spam messages,” Google product managers disclosed on Thursday.
The messages are designed to exploit the public’s fears around the pandemic. According to Google, cybercriminals have been creating fake emails that pretend to be the World Health Organization and ask for donations. However, the same emails are also designed to trick you into downloading a malicious file to take over your computer.
Other emails can pose as your company’s IT staff to manipulate you into visiting a malicious link concerning COVID-19 and its effect on payroll. The cybercriminals are also creating schemes around the economic stimulus checks small businesses have been receiving from the US government. In the example below, you can see they attached a malicious .htm file to an email concerning COVID-19 payment.
The good news is that Gmail continues to block over 99.9 percent of the spam and phishing emails that try to reach users. However, the company’s spam filter isn’t perfect; 0.1 percent of 18 million suggests that thousands of malicious COVID-19 emails are still reaching some Gmail users each day.
To bypass spam filters, hackers are routinely tweaking their emails with small changes to fool Gmail into letting the messages enter user inboxes. According to Google, 63 percent of malicious documents sent to Gmail users will technically be different from all previous bad attachments.