VentureBeat and ZDNet reported this afternoon that Google’s saying it blocked 18 million COVID-19 themed phishing emails last week. The blocked COVID-19 phishing emails targeting Gmail users represent about 2.5% of the 100 million phishing emails Google blocks daily. They also say they’re blocking 240 million COVID-related daily spam messages each day.
On the other hand, hackers use Gmail accounts with spoof names in BEC fraud, and to associate Gmail accounts with phishing links, in phishing campaigns. Google gets to virtue-signal while playing both sides of the fence. Google is also using the “https:” certificate requirement as part of their browser war with Apple and Microsoft, kidding people into thinking encrypted browser sessions to keep people secure when using Chrome. Over 80% of phishing sites use certificates. People must always ask themselves what is in it for Google.
Relying on email filters, crypto and firewalls to protect remote workers from opening the door to cybercrime are naïve.
Hackers only have to get lucky once and they are winning hands down. Patching people is the only way that we are going to win the war on cybercrime.