As people around the world are staying at home due to COVID-19, many are turning to new apps and communications tools to work, learn, access information, and stay connected with loved ones.
While these digital platforms are helpful in our daily lives, they can also introduce new online security risks. Google’s Threat Analysis Group continually monitors for sophisticated, hacking activity and is seeing new COVID-19 messaging used in attacks, and our security systems have detected a range of new scams such as phishing emails posing as messages from charities and NGOs battling COVID-19, directions from “administrators” to employees working from home, and even notices spoofing healthcare providers.
Google’s systems have also spotted malware-laden sites that pose as sign-in pages for popular social media accounts, health organizations, and even official coronavirus maps. During the past few weeks, our advanced, machine-learning classifiers have seen 18 million daily malware and phishing attempts related to COVID-19, in addition to more than 240 million COVID-related spam messages.
To protect people from these risks, we’ve built advanced security protections into Google products to automatically identify and stop threats before they ever reach you. Our machine learning models in Gmail already detect and block more than 99.9 percent of spam, phishing, and malware. Our built-in security also protects you by alerting you before you enter fraudulent websites, scanning apps in Google Play before you download, and more. But we want to help you stay secure everywhere online, not just on our products, so we’re providing these simple tips, tools, and resources for you.
How to spot and avoid scams
With many of the COVID-19 related scams coming in the form of phishing emails, it’s important to pause and evaluate any COVID-19 email before clicking any links or taking other action. Be wary of requests for personal information such as your home address or bank details. Fake links often imitate established websites by adding extra words or letters to them—check the URL’s validity by hovering over it (on desktop) or with a long press (on mobile). Keep these downloadable tips handy and learn more at g.co/covidsecuritytips (also available in Urdu).
- Know how scammers may reach you – scammers are taking advantage of the increase in Google Play by disguising their scams as legitimate messages about the virus. Alongside emails, scammers may also use text messages, automated calls, and malicious websites to reach you.
- Visit authoritative websites directly. Scammers often pose as well-known, trusted, and authoritative sources. Directly visit sources like covid.gov.pk to get the latest factual information about COVID‑19.
- Be cautious of requests for personal or financial information. If you receive an unsolicited request for personal or financial information, take extra time to evaluate the message. Scammers will often ask you to input login information or share bank details and addresses with them. They may also request payment via bank transfer or virtual currency.
- Donate directly through nonprofit organizations. Some scams take advantage of goodwill, requesting donations for COVID‑19 relief efforts. Do some research to make sure the nonprofit is legitimate. Scammers can also pose legitimate nonprofits. To be more confident your money will reach a nonprofit, you can donate directly through their website ─ rather than clicking a link sent to you.
- Double-check links and email addresses before clicking, Fake links often imitate established websites by adding extra words or letters. If it says something like “click here,” hover over the link or long-press the text to check the URL for mistakes ─ being careful not to click it. Misspelled words or random letters and numbers in the URL or email address may also indicate a scam.
- Search to see if it’s been reported. If somebody has sent you a fraudulent message, it’s likely they’ve sent it to other people as well. Copy and paste the email address, phone number, or most suspicious portion of the message into a search engine to check if it’s been reported by others.
- Add an extra layer of security to your account. For extra protection online, add two-factor authentication — also known as 2-step verification — to your accounts. This provides another layer of security by requiring two steps to gain access to your account: for example, something you know (your password) and something you physically have on hand (like your phone or a security key).