Google blocking 18m coronavirus scam emails every day

Getty Images A smartphone showing the Gmail logoGetty Images

Scammers are sending 18 million hoax emails about Covid-19 to Gmail users every day, according to Google.

The tech giant says the pandemic has led to an explosion of phishing attacks in which criminals try to trick users into revealing personal data.

The company said it was blocking more than 100 million phishing emails a day. Over the past week, almost a fifth were scam emails related to coronavirus.

The virus may now be the biggest phishing topic ever, tech firms say.

Google's Gmail is used by 1.5 billion people.

A scam email impersonating the WHO. It encourages the recipient to "donate" money via Bitcoin.
One of the scam emails impersonates the World Health Organization

Individuals are being sent a huge variety of emails which impersonate authorities, such as the World Health Organization (WHO), in an effort to persuade victims to download software or donate to bogus causes.

Cyber-criminals are also attempting to capitalise on government support packages by imitating public institutions.

Google claims that its machine-learning tools are able to block more than 99.9% of emails from reaching its users.

Another coronavirus scam email
This scam email targeted businesses on Gmail

The growth in coronavirus-themed phishing is being recorded by several cyber-security companies.

Barracuda Networks said it had seen a 667% increase in malicious phishing emails during the pandemic.

Scammers have been sending fake emails and text messages claiming to be from the UK government, the WHO, the Centre for Disease Control and Prevention and even individual US officials, including President Trump.

"Phishing attacks always share the common trait of inciting or depending on an emotion that causes us to act more hastily or think less about our actions at that moment in time," said independent security researcher Scott Helme.

"The coronavirus pandemic is a highly emotional topic right now and cyber-criminals clearly know this. They're hoping that the typical person might be more inclined to click through links or follow bad instructions if they use this lure."

'Exploitation'

Researchers have also found malicious websites and smartphone applications based on genuine coronavirus resources.

One malicious Android app claims to help track the spread of the virus, but instead infects the phone with ransomware and demands payment to restore the device.

Last week, the National Cyber Security Centre and the US Department of Homeland Security issued a joint advisory.

They said they had seen "an increasing number of malicious cyber-actors" that were "exploiting the current Covid-19 pandemic for their own objectives".

The NCSC has published advice on its website to help people avoid becoming the victim of a scam.