back to article Google: We've blocked 126 million COVID-19 phishing scams in the past week

In the past week, an average of 18 million COVID-19 phishing emails were sent per day via Gmail to unsuspecting marks, according to Google. "No matter the size of your business, IT teams are facing increased pressure to navigate the challenges of COVID-19," said Neil Kumaran, products manager for Gmail, and Sam Lugani, lead …

  1. Dr_N Silver badge
    Trollface

    They added that "bad actors" have leapt upon the "uncertainty surrounding the pandemic".

    I don't agree with his views, but wouldn't say Woody Harleson was a particularly bad one. At least not compared to some others.

  2. SimonF

    Pointless

    That's like your wife coming home and saying "I've saved £400 on this coat in the sales"

    The number that matters is how many have they let through?

    1. Jan 0

      Re: Pointless

      > The number that matters is how many have they let through?

      It would be so nice if Google could return 20 million emails to every spammers' real mailbox.

      1. P. Lee

        Re: Pointless

        I get far more spam to my google account than my self-hosted postfix server which has no spam filters beyond spf.

        1. IneptAdept

          Re: Pointless

          Literally this ...

          The email account I get most spam to and the one least used is my Gmail

          1. JCitizen
            Megaphone

            Re: Pointless

            That is exactly what I was thinking reading this article - if Google is so good at this game, how come they can't reduce the spam in my GMAIL account? In fact I quit using it, and just keep it as a junk email account now.

            Windows gets a lot of flak, but their Outlook web based email at live(dot)com is the best I've ever used. I might get two to three junk mails every two weeks; but just lately I've received at least three PayPal phishing attempts in one week! I reported all of them to PayPal's spoof address, and marked them as such so Outlook would recognize them next time, and they have stopped for now.

  3. Pascal Monett Silver badge

    I'm getting Amazon spam

    I am regularly getting emails purporting to be from Amazon telling me that I have been unjustly charged twice and a refund is available if I click the link.

    First of all, at this point in time I am not dealing with Amazon. Second, if Amazon had indeed charged me twice, they could reverse the additional charge without me even knowing about it until I checked my bank account.

    It is frankly astonishing how little logic people use when confronted with this sort of thing.

    1. gerdesj Silver badge
      Childcatcher

      Re: I'm getting Amazon spam

      Have you got any form of anti spam thingie looking at your mail feed? I can recommend Exim for the basics (lol) and a damn fine MTA, backed with rspamd for the heavy spammy check lifting.

  4. MiguelC Silver badge
    Facepalm

    It doesn't help that when you click on a Zoom meeting link in an e-mail, it downloads a small .exe file that, when run, connects you to the Zoom meeting. They're effectively training users to download and execute random files

    1. J. Cook Silver badge

      GotoMeeting's in the same boat; the 'helper' app is essentially their meeting launcher that's built on the fly to connect to that specific meeting number.

      Webex, while it also has a helper app, is a 'one and done' type of install- install it once, and you are good to go for all webex meetings.

    2. gerdesj Silver badge

      Jitsi does the same job and so does Big Blue Button. You have options.

  5. Kevin McMurtrie Silver badge

    Nothing changed

    Almost all of the spams I receive are still using Gmail accounts for replying. About half of those have been around for months - Google's search engine has even indexed them from blacklist sites.

  6. Anonymous Coward
    Anonymous Coward

    This article raised so many questions for me. First, is a "scan" message merely a typo for spam. Then there's all the huge numbers of blocked messages with no way to verify them. And how does one verify a url before clicking on a link to it?

    1. JCitizen
      Boffin

      And how does one verify a url before clicking on a link to it?

      Several ways, but the two methods I use are to hover my mouse over the link to see what is the actual address; IIRC all browsers have this service, I look in the lower left corner of the Chrome window to see what the actual URL is, and see if it matches. Another method I use if they do match, is copy the link to a web search engine that supports Web Of Trust (WOT); this way I can see their reputation if they have one. So many new dodgy sites come up every day, that most of them will be unknown, but it is better than nothing. McAfee's Site Advisor used to be better, but the company has become a Potentially Unwanted Program (PUP) lately, and I just couldn't stand it any longer.

      CORRECTION: the name was changed to "WebAdvisor". {McAfee}

  7. Jos V

    Old school spam

    I'm starting to get almost on a daily basis again the classic "we have installed an app that activates your camera and recording you "touching yourself in an indecent manor", send money to BC address [bc1q0x0rdt4znhspvxlm8cahtdntxtrhse2f2slhet] or we send the material to your contact list" mails again.

    It even includes a -very- old password in the subject header, that probably came from the LinkedIN data breach a while back. The last 4 it was always that same BC address, but different email sender.

    It's reported a couple of times on bitcoinabuse.com

    Several of my friends are getting the same thing happening now, with again, the same BC address.

    When looking at the source of the email (I know, don't tell me), the originator IPs all come from Microsoft (Outlook) domain, so good job MS (not). Also targeting my outlook email.

    1. David 132 Silver badge
      Happy

      Re: Old school spam

      LOL at ”touching yourself in an indecent manor.... the filthy habits of the aristocracy, eh? Tch!

      1. Jos V

        Re: Old school spam

        Ha, good catch :-)

        I wish I were in a manor.

        Cheers, Jos

  8. one crazy media

    and they all went to Facebook

    and 190 million went to Facebook!

    Thank you, thank you Zukerberg, they all chanted!

  9. PatrickSmith

    I added this spam filter recently and it's doing a good job. https://www.netsec.news/spam-filtering-for-business/

    However I'm wary of the full security provision as I know there are new strains of attack being created on a daily basis and I'm not sure if this will continue to do such a good job.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

  • Google has more reasons why it doesn't like antitrust law that affects Google
    It'll ruin Gmail, claims web ads giant

    Google has a fresh list of reasons why it opposes tech antitrust legislation making its way through Congress but, like others who've expressed discontent, the ad giant's complaints leave out mention of portions of the proposed law that address said gripes.

    The law bill in question is S.2992, the Senate version of the American Innovation and Choice Online Act (AICOA), which is closer than ever to getting votes in the House and Senate, which could see it advanced to President Biden's desk.

    AICOA prohibits tech companies above a certain size from favoring their own products and services over their competitors. It applies to businesses considered "critical trading partners," meaning the company controls access to a platform through which business users reach their customers. Google, Apple, Amazon, and Meta in one way or another seemingly fall under the scope of this US legislation. 

    Continue reading
  • Hangouts hangs up: Google chat app shuts this year
    How many messaging services does this web giant need? It's gotta be over 9,000

    Google is winding down its messaging app Hangouts before it officially shuts in November, the web giant announced on Monday.

    Users of the mobile app will see a pop-up asking them to move their conversations onto Google Chat, which is yet another one of its online services. It can be accessed via Gmail as well as its own standalone application. Next month, conversations in the web version of Hangouts will be ported over to Chat in Gmail. 

    Continue reading
  • It's a crime to use Google Analytics, watchdog tells Italian website
    Because data flows into the United States, not because of that user interface

    Updated Another kicking has been leveled at American tech giants by EU regulators as Italy's data protection authority ruled against transfers of data to the US using Google Analytics.

    The ruling by the Garante was made yesterday as regulators took a close look at a website operator who was using Google Analytics. The regulators found that the site collected all manner of information.

    So far, so normal. Google Analytics is commonly used by websites to analyze traffic. Others exist, but Google's is very much the big beast. It also performs its analysis in the USA, which is what EU regulators have taken exception to. The place is, after all, "a country without an adequate level of data protection," according to the regulator.

    Continue reading
  • End of the road for biz living off free G Suite legacy edition
    Firms accustomed to freebies miffed that web giant's largess doesn't last

    After offering free G Suite apps for more than a decade, Google next week plans to discontinue its legacy service – which hasn't been offered to new customers since 2012 – and force business users to transition to a paid subscription for the service's successor, Google Workspace.

    "For businesses, the G Suite legacy free edition will no longer be available after June 27, 2022," Google explains in its support document. "Your account will be automatically transitioned to a paid Google Workspace subscription where we continue to deliver new capabilities to help businesses transform the way they work."

    Small business owners who have relied on the G Suite legacy free edition aren't thrilled that they will have to pay for Workspace or migrate to a rival like Microsoft, which happens to be actively encouraging defectors. As noted by The New York Times on Monday, the approaching deadline has elicited complaints from small firms that bet on Google's cloud productivity apps in the 2006-2012 period and have enjoyed the lack of billing since then.

    Continue reading
  • I was fired for blowing the whistle on cult's status in Google unit, says contractor
    The internet giant, a doomsday religious sect, and a lawsuit in Silicon Valley

    A former Google video producer has sued the internet giant alleging he was unfairly fired for blowing the whistle on a religious sect that had all but taken over his business unit. 

    The lawsuit demands a jury trial and financial restitution for "religious discrimination, wrongful termination, retaliation and related causes of action." It alleges Peter Lubbers, director of the Google Developer Studio (GDS) film group in which 34-year-old plaintiff Kevin Lloyd worked, is not only a member of The Fellowship of Friends, the exec was influential in growing the studio into a team that, in essence, funneled money back to the fellowship.

    In his complaint [PDF], filed in a California Superior Court in Silicon Valley, Lloyd lays down a case that he was fired for expressing concerns over the fellowship's influence at Google, specifically in the GDS. When these concerns were reported to a manager, Lloyd was told to drop the issue or risk losing his job, it is claimed. 

    Continue reading
  • Google recasts Anthos with hitch to AWS Outposts
    If at first you don't succeed, change names and try again

    Google Cloud's Anthos on-prem platform is getting a new home under the search giant’s recently announced Google Distributed Cloud (GDC) portfolio, where it will live on as a software-based competitor to AWS Outposts and Microsoft Azure Stack.

    Introduced last fall, GDC enables customers to deploy managed servers and software in private datacenters and at communication service provider or on the edge.

    Its latest update sees Google reposition Anthos on-prem, introduced back in 2020, as the bring-your-own-server edition of GDC. Using the service, customers can extend Google Cloud-style management and services to applications running on-prem.

    Continue reading
  • FTC urged to probe Apple, Google for enabling ‘intense system of surveillance’
    Ad tracking poses a privacy and security risk in post-Roe America, lawmakers warn

    Democrat lawmakers want the FTC to investigate Apple and Google's online ad trackers, which they say amount to unfair and deceptive business practices and pose a privacy and security risk to people using the tech giants' mobile devices.

    US Senators Ron Wyden (D-OR), Elizabeth Warren (D-MA), and Cory Booker (D-NJ) and House Representative Sara Jacobs (D-CA) requested on Friday that the watchdog launch a probe into Apple and Google, hours before the US Supreme Court overturned Roe v. Wade, clearing the way for individual states to ban access to abortions. 

    In the days leading up to the court's action, some of these same lawmakers had also introduced data privacy bills, including a proposal that would make it illegal for data brokers to sell sensitive location and health information of individuals' medical treatment.

    Continue reading
  • Google: How we tackled this iPhone, Android spyware
    Watching people's every move and collecting their info – not on our watch, says web ads giant

    Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan — in some cases with an assist from the victims' cellular network providers, according to Google's Threat Analysis Group (TAG).

    RCS Labs customers include law-enforcement agencies worldwide, according to the vendor's website. It's one of more than 30 outfits Google researchers are tracking that sell exploits or surveillance capabilities to government-backed groups. And we're told this particular spyware runs on both iOS and Android phones.

    We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base. It's said that Italian authorities have used this tool in tackling corruption cases, and the Kazakh government has had its hands on it, too.

    Continue reading
  • Brave Search leaves beta, offers Goggles for filtering, personalizing results
    Freedom or echo chamber?

    Brave Software, maker of a privacy-oriented browser, on Wednesday said its surging search service has exited beta testing while its Goggles search personalization system has entered beta testing.

    Brave Search, which debuted a year ago, has received 2.5 billion search queries since then, apparently, and based on current monthly totals is expected to handle twice as many over the next year. The search service is available in the Brave browser and in other browsers by visiting search.brave.com.

    "Since launching one year ago, Brave Search has prioritized independence and innovation in order to give users the privacy they deserve," wrote Josep Pujol, chief of search at Brave. "The web is changing, and our incredible growth shows that there is demand for a new player that puts users first."

    Continue reading
  • Makers of ad blockers and browser privacy extensions fear the end is near
    Overhaul of Chrome add-ons set for January, Google says it's for all our own good

    Special report Seven months from now, assuming all goes as planned, Google Chrome will drop support for its legacy extension platform, known as Manifest v2 (Mv2). This is significant if you use a browser extension to, for instance, filter out certain kinds of content and safeguard your privacy.

    Google's Chrome Web Store is supposed to stop accepting Mv2 extension submissions sometime this month. As of January 2023, Chrome will stop running extensions created using Mv2, with limited exceptions for enterprise versions of Chrome operating under corporate policy. And by June 2023, even enterprise versions of Chrome will prevent Mv2 extensions from running.

    The anticipated result will be fewer extensions and less innovation, according to several extension developers.

    Continue reading

Biting the hand that feeds IT © 1998–2022