Google has said that it intercepted 18 million malware and phishing emails related to COVID-19 each day in the past week, representing nearly 20% of the “more than 100 million” phishing Gmail messages that Google says it typically blocks daily*. And this doesn’t include the 240 million coronavirus-related spam messages that its automated systems have filtered out every day.
In the past week, cybersecurity officials from both the U.S. and U.K. have cautioned that state-backed hackers and online criminals have been taking advantage of the COVID-19 crisis, which has led millions more people to work from home — often using their own devices on insecure networks. Google’s latest data seems to lend credence to these warnings.
With 1.5 billion users and 5 million paying businesses, Gmail is the most widely used email service in the world, making it a good barometer for the inherent risks associated with a sudden increase in home-working. Indeed, Google has given a glimpse into the types of messages that its machine learning systems are helping to block.
Bad actors are impersonating legitimate health bodies such as the World Health Organization (WHO), which — according to this message — wants people to donate in Bitcoin.
Similarly, malicious emails purporting to be from an employee’s “Admin Department” are trying to fool people into clicking spurious links.
Others are pretending to be from government institutions, offering small businesses more information on applying for stimulus packages.
Not all of the COVID-19 malware and phishing threats are new, and many are “existing malware campaigns that have simply been updated to exploit the heightened attention on COVID-19,” according to a Google blog post today.
Machine learning is pretty much pivotal to Google’s efforts to prevent malware, phishing, and other malicious emails from reaching users. Scammers often tweak and adapt their techniques to circumvent filters and capitalize on crises such as COVID-19; thus the technologies designed to prevent this have to adapt as well.
Earlier this year, Google detailed new “document scanners” that leverage deep learning to enhance its detection capabilities for threats contained inside attachments, which builds on its existing TensorFlow deep-learning models. Such capabilities are what enables Google to claim a 99.9% detection rate for all nefarious emails, when “63% of the malicious docs blocked by Gmail are different from day to day,” Google wrote.
*Updated to clarify that Google typically blocks “more than” 100 million phishing Gmail messages daily, though the figure may change on a day-to-day basis.