Google says that Gmail blocks more than 100 million phishing emails per day. Now, Google is seeing 18 million daily malware and phishing emails related to COVID-19. This is in addition to more than 240 million COVID-related daily spam messages.

According to Google, their machine learning models have evolved to understand and filter these threats, so that they can continue to block more than 99.9 percent of spam, phishing and malware from reaching users. The phishing attacks and scams Google is observing use both fear and financial incentives to create urgency to try to prompt users to respond. Here are some examples:

  • Impersonating authoritative government organizations like the World Health Organization (WHO) to solicit fraudulent donations or distribute malware. This includes mechanisms to distribute downloadable files that can install backdoors. In addition to blocking these emails, Google says they have worked with the WHO to clarify the importance of an accelerated implementation of DMARC (Domain-based Message Authentication, Reporting, and Conformance) and highlighted the necessity of email authentication to improve security. DMARC makes it harder for bad actors to impersonate the domain, thereby preventing malicious emails from reaching the recipient’s inbox, while making sure legitimate communication gets through, adds Google.

1 Impersonating authoritative government organizations.jpg

Image courtesy of Google

  • This example shows increased phishing attempts of employees operating in a work-from-home setting.


2 phishing attempts of employees.jpg

Image courtesy of Google

  • This example attempts to capitalize on government stimulus packages and imitates government institutions to phish small businesses.


3 capitalize on government stimulus packages.jpg

Image courtesy of Google

  • This attempt targets organizations impacted by stay-at-home orders.


4 targets organizations.jpg

Image courtesy of Google


In addition, Google notes that they have put proactive monitoring in place for COVID-19-related malware and phishing across their systems and workflows. "In many cases, these threats are not new—rather, they’re existing malware campaigns that have simply been updated to exploit the heightened attention on COVID-19," Google says. 

As soon as they identify a threat, Google says the threat is added to the Safe Browsing API, which protects users in Chrome, Gmail, and all other integrated products. In G Suite, advanced phishing and malware controls are turned on by default, ensuring that all G Suite users automatically have these proactive protections in place. These controls can:

  • Route emails that match phishing and malware controls to a new or existing quarantine
  • Identify emails with unusual attachment types and choose to automatically display a warning banner, send them to spam, or quarantine the messages 
  • Identify unauthenticated emails trying to spoof the user's domain and automatically display a warning banner, send them to spam, or quarantine the messages 
  • Protect against documents that contain malicious scripts that can harm devices 
  • Protect against attachment file types that are uncommon for an user's domain
  • Scan linked images and identify links behind shortened URLs
  • Protect against messages where the sender's name is a name in the G Suite directory, but the email isn't from the user's company domain or domain aliases