Google has warned about the emerging COVID-19 cyberthreats in India, Brazil, and the U.K. The search engine giant stated that attackers are using malware and phishing emails that imitate legitimate financial incentives to entice users to respond.
Neil Kumaran, Gmail Security Product Manager, and Sam Lugani, Lead Security PMM for G Suite and GCP, said that they have seen an increased number of email attacks, most of them COVID-19 related scams, in the targeted countries. They also mentioned that earlier Gmail blocked 18 million malware and phishing emails, and more than 240 million spam emails daily during the pandemic.
“Specifically, we’ve been seeing COVID-19-related malware, phishing, and spam emails rising in India, Brazil, and the UK. These attacks and scams use regionally relevant lures, financial incentives, and fear to create urgency and entice users to respond,” the team said in a statement.
In India, Google noticed potential victims being targeted with the malicious emails that appear to come from health service providers and COVID-19 tracking apps like the Aarogya Setu app. Aarogya Setu is a smartphone application developed by the Indian government to help people assess themselves on the risk of infecting with Coronavirus.
“As India is opening back up and employees are getting back to their workplaces, we’re starting to see more attacks masquerading as COVID-19 symptom tracking. And with more and more people looking to buy health insurance in India, phishing scams targeting insurance companies have become more prevalent. Often these scams rely on quoting established institutions, and getting viewers to click on malicious links,” Google said.
In Brazil, Google warned about the surge in phishing attacks targeting streaming services due to their rising popularity, claiming the recipient will be fined if they do not respond.
In the U.K., hackers are impersonating government organizations to steal confidential and personal information.
The threat actors are designing schemes and campaigns referring to the government’s Small Business Grant Fund, in turn luring citizens into downloading malicious files.
Google also listed certain safety recommendations for users to prevent such email attacks. These include:
- Avoid downloading files that you do not recognize; instead, use Gmail’s built-in document preview
- Check the integrity of URLs before providing login credentials or clicking a link—fake URLs generally imitate real ones and include additional words or domains
- Report phishing emails
- Turn on two-step verification to help prevent account takeovers, even in cases where someone obtains your password
- Consider enrolling in Google’s Advanced Protection Program (APP)—we’ve yet to see anyone in the program be successfully phished, even if they are repeatedly targeted
- Be thoughtful about sharing personal information such as passwords, bank account or credit card numbers, and even your birthday
Along with social distancing guidelines, it is advisable to follow cyber precautions for seamless functioning of businesses operations.