Google has put out an official statement reporting the sudden rise in phishing attacks as cybercriminals try to profit off the widespread novel coronavirus.
The official report was released to prevent more of the general public from becoming victims of these cyber-attacks by informing them of the hackers’ schemes — which involved impersonating the World Health Organization (WHO) and other government agencies to elicit donations or to persuade others to download information-stealing malware.
According to Google, over $12 million have already been lost by Americans as a result of these COVID-19 related phishing scams.
The company has been making various efforts in order to prevent these scams from becoming widespread. Even going as far as to work with WHO and other government agencies to make it more difficult for them to be impersonated online.
Google also reports that their AI-powered filters have been hard-at-work trying to get rid of most of these threats as well. Their statement included a rough figure of around 18 million coronavirus-themed malware and phishing emails deleted every day over the past week alone. That was in addition to over 240 million spam messages related to COVID-19.
However, they are still advising their users to stay vigilant and make the most of Google’s available functions — like their Security Checkup feature, so that they can be sure of the validity of the documents and files that they download.
Phishing attacks like these are actually nothing new.
Rarely has one subject been the main focus of these attacks, like the coronavirus-themed emails we see today. But, they’ve actually been around for years and sudden increases in their volume are to be expected.
For example, after big data breaches, like the Yahoo data breach from 2013 or the Marriott International data breach of 2014 to 2018, alert on phishing scams often increase exponentially.
Such data breaches can expose the names, addresses, phone numbers, email addresses, credit card numbers, etc. of the company’s clients and customers. Leaving them vulnerable to incredibly malicious, and even, targeted phishing scams.
This only increases the urgency and desperation of the victims of such attacks, which can cause them to more easily fall prey to the hacker’s schemes.
In some cases, like the data breach suffered by Zoom Video Communications — an app that is popular for professional and business-oriented video conferences, the customer’s data may even be sold or shared freely online. As was reported by TechTimes, in an article about some of the biggest data breaches in 2020 so far.
According to TechTimes: “The information breach included both usernames and passwords for Zoom corporate accounts… The researches who discovered the stolen database found that the credentials were being openly shared in an underground forum rather than sold.”
The author goes on to say that this: “Left the owners of the stolen Zoom credentials open to even more risk for a variety of cybernetic attacks.”
However, this is no reason to panic unnecessarily.
In fact, in that same TechTimes article, there was a report on another data breach, involving Maropost, a customer engagement platform service that works with B2C brands and retailers.
TechTimes states that: “The Maropost case was nothing but a small discrepancy caused by a simulated log file that didn’t reveal any actual personally-identifying information on anyone.” Meaning, that it was completely harmless and that the reports of such a breach were largely exaggerated.
So, evidently, while data breaches do happen, they aren’t so prevalent that you need to stay off the internet all-together. Especially not now, when so many local businesses, big and small, have closed shops to stop the spread of COVID-19. Leaving many without access to food, drink, and other basic necessities.
Instead, the best thing for you to do is remain vigilant, as Google advised its users.
Be careful of who you send money to on the internet or on the phone (phishing scams happen through texts and phone calls too, after all.) It’s also best to avoid downloading any files from emails as well, especially if you’re not familiar with the sender, or if you have reason to believe that the sender may just be impersonating someone you know.
When possible, Google had also advised its users to double-check that URLs sent to them actually match the destination of said links — as there are some hackers who target their victims that way as well.
It’s a lot to think about and remember, but making even the smallest effort to stay vigilant, is definitely worth the hassle, considering the fact that it is your identity that is on the line.
