As Google announces that 18 million hoax emails per day are being sent by scammers to Gmail accounts, cloud solutions specialist Babble has released advice on how to recognise and avoid phishing emails.
Phishing emails are designed by criminals to try to hoodwink users into revealing personal data. Google has recently revealed that it is blocking 100 million emails of this type every day, with almost a fifth of these being linked to coronavirus as scammers vie to cash-in on the pandemic. However, Babble is hoping to help stand in the way, particularly in aid of business employers and employees working from home.
Individuals are being sent a wide range of emails impersonating authorities, such as the World Health Organization [WHO], to entice victims into downloading software or donating to fake causes. Some scammers are also imitating government institutions offering support packages.
Google has said that its machine-learning tools are able to block more than 99.9 per cent of emails from reaching its users. However, for those malicious messages that do slip through the net, Babble's chief executive Matthew Parker has issued advice on how to avoid them on the firm's company blog.
Parker wrote: “To put it simply: cybercriminals are sending emails claiming to be from legitimate organisations with information about the coronavirus, offering help and guidance.
“The emails might ask you to open an attachment to see the latest statistics, or maybe even trick you into thinking they’ve found a cure. If you choose to click on the attachment or embedded link, you’re likely to download malware onto your device that could put you and your business in danger.
“The malicious software could allow cybercriminals to take control of your computer, log your keystrokes, access your camera, search history or even access your personal information and financial data, which could lead to identity theft”, Parker warns.
However, this is not a new and unique approach, but rather a new tactic deployed by cyber-criminals to capitalise on the panic and misinformation brought about in the midst of the pandemic.
Some basic guidance Parker recommends for avoiding such emails is to be wary of any online requests for personal information, look out for generic greetings at the head of emails that do not refer to the recipient by name, and avoid emails that are insistent that the recipient act quickly.
Parker says: “A coronavirus-themed email that seeks personal information like your national insurance number or login information is a phishing scam. Never respond to the email with your personal data.
“Look out for generic greetings. Phishing emails are unlikely to use your name. Greetings like ‘Dear sir or madam’ signal an email is not legitimate.
“Also avoid emails that insist you act now. Cyber criminals often try to create a sense of urgency; their goal is to get you to click on a link and provide personal information as soon as possible. Instead, delete the message.”
Other simple tips Parker recommends for identifying malicious emails include looking at the address or links within the email without clicking on it, since often it is quite clear the address is not legitimate. Equally, spelling and grammatical errors within such emails are another potential giveaway.
Parker advises: “Check the email address or link. You can inspect a link by hovering your mouse button over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate. But keep in mind phishers can create links that closely resemble legitimate addresses. Delete the email.
“Keep an eye out for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it immediately.”