Security experts at Google have identified more than a dozen government-backed hacking groups using the COVID-19 pandemic as cover for phishing and malware attempts.
Google says that its Threat Analysis Group found hackers targeting international health organizations, including activity corroborating a Reuters report from early April that the World Health Organisation (WHO) was targeted.
WHO and other organizations, at the center of a global effort to contain the coronavirus, have come under a sustained digital bombardment by hackers seeking information about the outbreak.
Google said it has detected 18 million malware and phishing Gmail messages per day related to the coronavirus outbreak.
"One notable campaign attempted to target personal accounts of US government employees with phishing lures using American fast-food franchises and COVID-19 messaging," Google said in a blog post.
Some messages also offered free meals and coupons in response to COVID-19, others suggested recipients visit sites disguised as online ordering and delivery options, according to the blog post.
Google said it was working to identify and prevent threats, using a combination of internal investigative tools, information sharing with industry partners and law enforcement, as well as leads and intelligence from third-party researchers.
How to spot and avoid COVID-19 scams
Meanwhile, Google has listed a few ways users can spot COVID-19 scams.
- Since most of these scams come via emails, Google says users should be wary of requests for personal information such as your home address or bank details.
- If you receive an email with a link in it that leads you to a website claiming to be of an established website, examine the URL for extra words or letters — check the URL’s validity by hovering over it (on desktop) or with a long press (on mobile).
There are also ways you can avoid such scams, as per Google.
- Google suggests that you must use your company’s enterprise email account for anything work-related
- Make your video calls on video conferencing apps more secure by enabling features like ensuring only invited attendees can join the call.
- If you receive a meeting invite that requires installing a new video-conferencing app, always verify the invitation before installing.
- Keep your mobile, computer and frequently used apps updated.
- Use strong and unique passwords for all your social media and email accounts, and other apps.
With inputs from Reuters