• by Ray Schultz , Columnist, April 17, 2020

Gmail now blocks more than 100 million phishing emails per day, according to Google.  

“During the last week, we saw 18 million daily malware and phishing emails related to COVID-19,” says a blog item posted on Google Cloud on Thursday by Neil Kumaran product manager, Gmail Security, and Sam Lugani lead security PMM, G Suite & GCP platform. “This is in addition to more than 240 million COVID-related daily spam messages.”

The authors add that Google’s ML Models block 99.9% of spam phishing. However, it is no small job, given that 63% of the blocked scam emails differ from day to day. 

Among the types of attacks are those impersonating legitimate bodies such as the World Health Organization (WHO).

One such email states: “Donations support WHO’s work, including with partners, to track and understand the spread of the virus to ensure patients get the care they need.”

It continues: "See below for more ways to give, Via BTC (bitcoin). Every donation helps support life-saving work for the world."

Another, addressed to work-at-home employees, states:

“Dear Staff, New notification. Please due to COVID-19, all staff & Employees are expected to kindly Click PROCEED and complete the required directive to be added to March and April benefit payroll directory as compilation is ongoing and will last within 48 hours.” 

The bad English alone should be a tipoff that this is a ripoff, but people apparently fall for these things.

Gmail is working with the WHO on to urge accelerated implementation of DMARC (Domain-based Message Authentication, Reporting, and Conformance) And it is highlighting the necessity of email authentication to improve security.

Google has also put proactive monitoring in place to block COVID-19 malware and phishing across its systems.

“In many cases, these threats are not new — rather, they’re existing malware campaigns that have simply been updated to exploit the heightened attention on COVID-19,” Kumaran and Lugani write. 

Once a threat has been identified, Google adds it to its Safe Browsing API. This protects Chrome and Gmail users on their 4 billion-plus devices per day. In G Suite, controls are turned on by default. 

The authors claim that these controls can: 

1. Route emails that match phishing and malware controls to a new or existing quarantine. 
2. Identify emails with unusual attachment types and automatically display a warning banner, or send them to spam or quarantine them.
3. Identify unauthenticated emails trying to spoof the domain and display a warning banner, then send them to spam or quarantine them.
4. Scan linked images and identify links behind shortened URLs. 

Protect against messages where the sender's name is a name in the user’s G Suite directory but isn't from your company domain or domain aliases.