Coronavirus-related online scams on the rise
By Adam J. Ang
CYBERTHREATS, including malware, phishing attempts and spam messages, related to the coronavirus disease (COVID-19) are on the rise, according to Google.
In a virtual briefing on Friday, Mark Risher, senior director for Account Security, Identity, and Abuse at Google, said new online attacks use COVID-19 messaging, making it easy for scammers to scale these attacks globally.
“Now, they [attackers] know that anywhere around the planet COVID-19 will be recognizable and will stimulate actions from the victims, and so we’re seeing them applied pretty consistently globally, [and] just translated maybe to local markets,” he said.
Google’s machine-learning classifiers have detected about 18 million coronavirus-related malware and phishing attempts, as well as 240 million spam messages every day in the last month.
Mr. Risher noted that the present cyberthreat situation amid the pandemic crisis is “unique,” compared to past public health crisis events, as digital attackers and their victims can be from any part of the globe.
Perpetrators of online scams and malware “may already have a language in which they communicate, like they know that they can mention coronavirus, COVID-19, selling masks or selling hand sanitizers, [as] these are such common terms,” he said.
Google did not identify which countries are prone to such online attacks.
Mr. Risher pointed out “a lot of these coronavirus and COVID-19 attacks began in Southeast Asia.” He said there are more online cyber threats detected earlier in the Asia-Pacific region than in any other area across the world.
Perpetrators are said to use fear and financial incentives to bait people.
The most common form of cyberthreat uses the World Health Organization to solicit fraudulent donations or distribute malware.
Other common types of COVID-19-related scams include posing as government institutions providing information on stimulus packages to lure small businesses; sending links to shady websites selling fakes of in-demand products such as masks and hand sanitizers; and sending notices supposedly from charities, organizations, and even healthcare providers dealing with the coronavirus disease.
“The overall volume of attacks that are facing Google and [its] users has not really changed that much. What we’ve seen instead is a tremendous concentration on using these terms, these agencies as part of the targeting practice,” Mr. Risher said in the briefing.
“The attackers have moved from generic messages to much more targeted, much more precisely crafted attacks,” he added.
Google is protecting its users from such threats through its built-in security features in its products, machine learning models in Gmail which detect and block almost all spam, phishing, and malware, among other mechanisms.
With video-conferencing becoming a common practice for conducting events lately, Mr. Risher stressed that users must ensure they understand the security features that are incorporated into the platforms they are using. Google has its own virtual meeting platform called Google Meet.
“For people who are working from home, we recommend you use official work-issued e-mail accounts at your laptops and the configuration they have given you,” he added.