Want free fast food delivered to you during the pandemic? Well, you should probably avoid the offer. According to Google, state-sponsored spies are using it as bait to trick people into opening malicious emails.
The company has identified over a dozen state-sponsored hacking groups exploiting the pandemic for phishing purposes. The schemes work by manipulating victims into opening dangerous email attachments containing malware, or visiting links that can steal your Google account password.
“One notable campaign attempted to target personal accounts of US government employees with phishing lures using American fast food franchises and COVID-19 messaging,” Google said in the blog post. “Some messages offered free meals and coupons in response to COVID-19, others suggested recipients visit sites disguised as online ordering and delivery options.”
However, the emails were actually designed to nab the victims’ passwords by rerouting the recipient to a hacker-controlled web page, which can record any login information typed into the interface.
Fortunately, Google’s filters sent the “vast majority” of the malicious emails to people’s spam folder. The company’s “Safe Browsing” technology also prevented browsers from accessing the hacker-controlled phishing pages. “We’re not aware of any user having their account compromised by this campaign, but as usual, we notify all targeted users with a ‘government-backed attacker’ warning,” the company added.
Example phishing attacks targeting WHO staff members.
According to Google, the hackers have also been targeting international health organizations with phishing emails that focus on COVID-19. In one attack, the culprits impersonated a World Health Organization official and asked the recipient to open an attachment concerning the COVID-19 outbreak in Iran. In other attacks, the hackers tried to trick victims into typing in their login credentials into a look-alike World Health Organization website.
“These findings show that health organizations, public health agencies, and the individuals who work there are becoming new targets as a result of COVID-19,” the company said. “We’re proactively adding extra security protections, such as higher thresholds for Google Account sign in and recovery, to more than 50,000 of such high-risk accounts.”
The good news is that the overall volume of detected phishing attacks from state-sponsored hackers remains largely the same. The culprits are just changing tactics.
“In fact, we saw a slight decrease in overall volumes in March compared to January and February,” the company said. “It could be that attackers, just like many other organizations, are experiencing productivity lags and issues due to global lockdowns and quarantine efforts.”
Last week, Google said it was blocking about 18 million COVID-19 phishing emails a day on Gmail. The tech giant is also filtering out about 240 million coronavirus-themed spam messages on a daily basis. For more protection on your Gmail account, consider the company’s free Advanced Protection Program.