Names of health organisations working in the COVID-19 response team including the World Health Organisation (WHO) and COVID-19 messaging services are being used by government-backed hackers and online fraudsters to target people, Google has warned. The alert was sounded after Google's Threat Analysis Group monitored sophisticated, government-backed hacking activity. In a blog post, Google said it was seeing new COVID-19 messaging used in attacks. "Our security systems have detected a range of new scams such as phishing emails posing as messages from charities and NGOs battling COVID-19, directions from “administrators” to employees working from home, and even notices spoofing healthcare providers," Google blog post read.
Google systems spotted over 18 million phishing attempts related to COVID-19 daily.
"Our systems have also spotted malware-laden sites that pose as sign-in pages for popular social media accounts, health organizations, and even official coronavirus maps. During the past couple of weeks, our advanced, machine-learning classifiers have seen 18 million daily malware and phishing attempts related to COVID-19, in addition to more than 240 million COVID-related spam message," Google's blog read.
How government-backed attackers are using COVID-19
Google's Threat Analysis Group (TAG) has specifically identified over a dozen government-backed attacker groups using COVID-19 themes as lure for phishing and malware attempts—trying to get their targets to click malicious links and download files.
"One notable campaign attempted to target personal accounts of U.S. government employees with phishing lures using American fast food franchises and COVID-19 messaging. Some messages offered free meals and coupons in response to COVID-19, others suggested recipients visit sites disguised as online ordering and delivery options. Once people clicked on the emails, they were presented with phishing pages designed to trick them into providing their Google account credentials," Google warned.
Google also assured that over 99.9 per cent malware was blocked by its machines but people would need that extra precaution while being online during work from home or otherwise.
With the risk factor of online scam and phishing increasing multi-fold, Google has once again reiterated some security tips during coronavirus pandemic.
Google says most of the time phishing emails or messages reach you through an urgent message like this: "URGENT MESSAGE ABOUT COVID-19". Below is the screenshot attached from Google Blog. It also advises people to cross-check the link before clicking it.
Agencies like the World Health Organisation and various hospitals in the centre of the fight against coronavirus outbreak are the direct targets. Scamsters also con people as disguising as WHO or any official agency.
Google's warning was posted in their blog's SAFETY AND SECURITY COVID-19 RESPONSE section.
To check Google's safety and security tips, click here.