Gmail COVID-19 scams hit millions: How to protect yourself now


Coronavirus has brought out the worst in bad actors online hoping to capitalize on people’s interest in, and fears about, the outbreak. And Google is doing something about it with Gmail’s own built-in defenses. But Google can’t catch everything.

In a new Google Cloud blog post, Google outlines what it is doing to protect businesses and users against the latest cyber threats and provides some tips to help protect yourself. 

According to Google, the phishing attacks and scams it is seeing create a false sense of urgency in order to get users to respond, whether it’s based on fear or financial incentives. One example is an attempt to impersonate the World Health Organization in order to solicit fraudulent donations or distribute malware.

Gmail WHO scam

(Image credit: Google)

Google cites another phishing attack that preys on employees who are working from home. The note attempts to get users to click on a link to be added to the benefit payroll for the next couple of months. It gives a timetable to act within 48 hours.

Yet another example has the subject line “COVID-19 Payment” and prompts the user to download an attached invoice. This is an attempt to imitate the government in order to appear as if the email is facilitating access to stimulus packages. Other emails try to steal personal information from those who are working at home.

Gmail COVID-19 payment scam

(Image credit: Google)

The good news is that Google claims that it continues to block more than 99.9% of spam, phishing and malware from reaching its Gmail users. And it is also improving security with more proactive capabilities. 

This includes monitoring for COVID-19-related malware and phishing and then adding it to Google’s Safe Browsing API. This protects users not just in Gmail but also in Chrome and other integrated Google products.

How to protect yourself from Gmail COVID-19 scams

If you use G Suite, Google says that advanced phishing and malware controls are turned on by default, so all of these proactive protections are live automatically. For example, Gmail for G Suite will identify emails with unusual attachment types or ones that try to spoof your company domain and then display a warning banner, send them to spam or quarantine the messages.

In order to protect yourself, Google provides a list of best practices that applies to organizations and everyday users. This includes completing Google’s Security Checkup in order to improve your account security. You should also avoid downloading files that you don’t recognize. You can always use Gmail’s built-in document preview instead.

You can also do your part by checking the integrity of URLs before providing credentials or clicking a link. Google says that fake URLs imitate real ones and include additional words. If you do receive a phishing email, you can report it using Google’s support resources.

Mark Spoonauer
