Phishing lures using American fast food franchises and COVID-19 messaging are being used to target personal accounts of U.S. government employees. Some messages offer free meals and coupons. Others suggest that recipients visit sites disguised as online ordering and delivery options.
Google’s Threat Analysis Group (TAG) released a report Wednesday detailing the types of COVID-19 attacks seen across the company's product line.
When people click on the emails they are presented with phishing pages designed to trick them into providing their Google account credentials. The majority of messages were sent to spam without any user ever seeing them, and Google was able to preemptively block the domains using Safe Browsing.
Google’s security team found that more than a dozen state-sponsored hacking groups were using the virus as a lure to target users in its phishing and malware attempts. The team has seen attackers try to trick people into downloading malware by impersonating health organizations.
The attacks spoofed the World Health Organization’s login page in an attempt to steal credentials. Some attacks contain solicitations from fake charities.
Google previously reported that its systems have identified 18 million malware and phishing Gmail messages per day related to COVID-19, as well as more than 240 million COVID-related daily spam messages. The company says it has managed to block more than 99.9% of the spam, phishing and malware from reaching users.
Overall, there has not been an increase in phishing attacks by government-backed groups. In fact, Google reported seeing a slight decrease in overall volumes in March compared with January and February. What the TAG group identified is more of a change in tactics.
While it’s not unusual to see some fluctuations in these numbers, it could be that attackers -- just like many other organizations -- are experiencing productivity lags and issues due to global lockdowns and quarantine efforts.