The coronavirus pandemic has led to a worldwide panic and to add to that, criminals are now sending hoax emails to phish into revealing personal data. “
Google said in a blog post, “Every day, Gmail blocks more than 100 million phishing emails. During the last week, we saw 18 million (1.8 crores) daily malware and phishing emails related to COVID-19. This is in addition to more than 240 million COVID-related daily spam messages.”
Users are being sent emails impersonating institutions like the World Health Organization (WHO), in an effort to persuade victims to download software or donate to fake/malicious causes. Criminals are also looking for ways to capitalize on government support packages by imitating public institutions. Google claims that its machine-learning tools are capable of blocking more than 99.9% of emails from reaching its users.
The increase in the coronavirus-themed phishing is being noticed by several cyber-security companies. “Phishing attacks always share the common trait of inciting or depending on an emotion that causes us to act more hastily or think less about our actions at that moment in time.The coronavirus pandemic is a highly emotional topic right now and cyber-criminals clearly know this. They’re hoping that the typical person might be more inclined to click through links or follow bad instructions if they use this lure.” said independent security researcher Scott Helme.
These emails are essentially a gateway into the user’s system who is already paranoid because of the pandemic situation thus making them more vulnerable. Google is working with the WHO to clarify the importance of an accelerated implementation of DMARC (Domain-based Message Authentication, Reporting, and Conformance) and they highlighted the necessity of email authentication to improve security. DMARC makes it harder for bad actors to impersonate the who.int domain, thereby preventing malicious emails from reaching the recipient’s inbox, while making sure legitimate communication gets through.