Google: We’re Blocking 18 Million COVID-19 Phishing Emails a Day

Apr 20, 2020 · 3 min read
Photo Illustration by Filip Radwanski/SOPA Images/LightRocket via Getty Images

On a daily basis, the company is also blocking an additional 240 million COVID-19 spam messages from appearing in people’s Gmail inboxes.

By Michael Kan

Google is warning the public to stay on guard against COVID-19 emails that actually contain malware. Last week, the company’s Gmail service blocked about 18 million malware and phishing emails per day.

“This is in addition to more than 240 million COVID-related daily spam messages,” Google product managers disclosed on Thursday.

The messages are designed to exploit the public’s fears around the pandemic. According to Google, cybercriminals have been creating fake emails that pretend to be the World Health Organization and ask for donations. However, the same emails are also designed to trick you into downloading a malicious file to take over your computer.

Other emails can pose as your company’s IT staff to manipulate you into visiting a malicious link concerning COVID-19 and its effect on payroll. The cybercriminals are also creating schemes around the economic stimulus checks small businesses have been receiving from the US government. In the example below, you can see they attached a malicious .htm file to an email concerning COVID-19 payment.

The good news is that Gmail continues to block over 99.9 percent of the spam and phishing emails that try to reach users. However, the company’s spam filter isn’t perfect; 0.1 percent of 18 million suggests that thousands of malicious COVID-19 emails are still reaching some Gmail users each day.

To bypass spam filters, hackers are routinely tweaking their emails with small changes to fool Gmail into letting the messages enter user inboxes. According to Google, 63 percent of malicious documents sent to Gmail users will technically be different from all previous bad attachments.

In response, the company has created a new AI-powered scanner that can better analyze emailed documents for signs of malicious behavior. If something harmful is detected, the scanner will automatically forward the email to your spam folder.

To stay safe, Google recommends Gmail users avoid downloading files you don’t recognize from your inbox to your PC. You can instead use Gmail’s built-in document viewer, which can activated by simply clicking the attachment. “Check the integrity of URLs before providing login credentials or clicking a link -fake URLs generally imitate real URLs and include additional words or domains,” Google adds.

For more protection, consider Google’s free Advanced Protection Program, which is designed to stop even the most elite hackers from hijacking your Gmail account.

Originally published at

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store