Scammers are exploiting coronavirus uncertainty to target your email, Google warns


The amount of COVID-19 related phishing emails Google saw last week.

Gareth Fuller - PA Images/PA Images/Getty Images

Email scammers are exploiting people's fear and uncertainty around COVID-19 as their latest phishing tactic. Gmail saw more than 18 million malware and phishing emails related to coronavirus last week alone, according to Google. Another 240 million daily spam messages of a more innocuous nature are related to the virus.

The scams are basically no different than your typical phishing scam, but take advantage of the unique circumstances that the world is facing under a pandemic. The U.S. is reaching near depression-era unemployment numbers, with the government racing to stimulate the economy with direct cash payments to citizens and payroll loans for businesses. Meanwhile, those who still have their jobs have largely switched to working from home. This all means a lot of people are adjusting to a new normal and may be susceptible to opening emails they might not have otherwise.

Humans suck sometimes — Many of the scams impersonate government organizations like the World Health Organization to solicit donations. Or they pretend to offer information on the stimulus payments that the United States and other countries are distributing to desperate citizens under sudden cash binds. As people frantically hit the IRS website trying to find out when they'll get their money, you can see how one might unwittingly click a fraudulent link in an email that's made to look like an official IRS communication.

Google says that its Gmail spam filter catches more than 99.9 percent of such emails, and that the company is working with the WHO to implement new technology that will make it difficult for scammers to impersonate the organization's email.

Google advises you follow its standard recommendations regarding scam and phishing threats. Be wary to click any links in emails you weren't expecting, and scrutinize the URLs closely as they're often made to be just slightly different from a company's legitimate address.