Dozens of government-backed groups are using COVID-19 themes as lures for phishing and malware scams, Google’s Threat Analysis Group (TAG) warned today. One campaign sent fake messages from fast food chains to US government employees. That phishing attempt offered free meals and coupons in response to COVID-19 and sent links to bogus online ordering and delivery options in an attempt to get Google account credentials.
TAG says it’s not aware of any accounts being compromised by that campaign. The vast majority of the messages were sent to spam or blocked by domains using Safe Browsing.
The fact that government-backed groups are using COVID-19 to spread malware and snag credentials is disturbing, but it’s not surprising. This morning The New York Times reported that US officials believe China-backed operatives helped spread COVID-19 misinformation in an attempt to sow discord across the country. And we’ve already seen COVID-19 scams, like the one that may have stolen millions from the German government.
“Generally, we’re not seeing an overall rise in phishing attacks by government-backed groups; this is just a change in tactics,” Google’s TAG team wrote.
TAG has also seen an increase in cybercrime attempts on international and national health organizations, like emails that link to a domain spoofing the World Health Organization’s login page. In response, TAG is adding a higher threshold for Google Account sign in and recovery to more than 50,000 high-risk accounts.
And to support the larger security research community, Google is offering more than $200,000 in grants as part of a new Vulnerability Research Grant for COVID-19 fund. It says it expects to see new lures and schemes and will continue working to fight them.