Gmail account phishing attacks target millions - here's what you need to know

(Image credit: Shutterstock)

Google is blocking millions of phishing attacks targeting Gmail accounts from cybercriminals looking to leverage the coronavirus outbreak.

The search giant says that it is seeing 18 million malware and phishing emails related to Covid-19 every day, in addition to more than 240m coronavirus-related daily spam messages.

Many attacks employ both fear and financial incentives to create a sense of urgency in order to trick users into responding. Some examples include cybercriminals impersonating government organizations such as the WHO, attempts to capitalize on government stimulus packages and messages that target those working from home during the global pandemic.

Google says that its machine learning models have now evolved to understand filter these threats so they don't end up in users' inboxes. The company continues to block more than 99.9 percent of spam, phishing and malware from reaching its users.

Gmail attacks

In a blog post from Google Cloud, the company explained how in order to help prevent users from falling victim to these scams, it has put proactive monitoring in place for coronavirus-related malware and phishing across its systems and workflows. 

However, in many cases, these threats are not new but consist of existing malware campaigns that have been updated to exploit the heightened attention on Covid-19.

As soon as Google identifies a threat, it is added to the company's Safe Browsing API which protects users in Chrome, Gmail and all of the company's other integrated products. Safe Browsing helps protect over four billion devices every day by showing warnings to users when they navigate to unsafe sites or download dangerous files.

In G Suite, advanced phishing and malware controls are turned on by default to ensure that business users automatically have these proactive protections in place. These controls route malicious emails to quarantine, identify emails with unusual attachment types, identify unauthenticated emails, protect against malicious documents, scan linked images and identify links behind shortened URLs and more to help keep users protected without interfering with their workflow.

To prevent falling victim to coronavirus email scams, Google recommends that users complete a Security Checkup, avoid downloading files from unknown senders, check the integrity of URLs before clicking on them, avoid phishing emails and consider enrolling in its Advanced Protection Program.

While cybersecurity should never be taken for granted, all users should remain extra vigilant for online threats during this difficult time.

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.