It's hard to avoid news about the COVID-19 coronavirus these days, and government-backed attack groups are taking advantage of the pandemic to trick healthcare and government workers into giving up Gmail passwords.
Google's Threat Analysis Group (TAG), which tracks state-backed hackers, says one group has started using free meals and coupons supposedly from fast-food franchises to lure US government workers into exposing their Gmail credentials.
The tactic appears to exploit the US government's decision to categorize fast-food workers as essential during the pandemic. In March, top execs from major US fast-food chains had a call with US president Donald Trump about keeping drive-thru and delivery services open during the outbreak.
Some phishing emails try to convince targets to browse to sites masquerading as online and food delivery services. If victims click through from the email, they land on a phishing page designed to capture their Google account credentials.
TAG says it's found over a dozen government-backed attacker groups using COVID-19 themes in phishing and malware attacks that aim to get targets to click on malicious links and download files.
TAG is responsible for detecting phishing and malware attempts from government-backed attackers, which allows Google to issue the targeted person a notification that government-backed attackers may be trying to steal that individual's password.
The TAG team has also found new activity that backs up a Reuters report this month that Iranian government-backed hackers have been targeting the World Health Organization.
TAG's Shane Huntley said the company had placed extra protections on more than 50,000 high-risk accounts. These include higher thresholds for Google Account sign-in and recovery.
Interestingly, as responses to the new coronavirus took hold over March, the number of accounts Google warned fell below historical trends. In March it issued 3,538 warnings, compared with over 4,100 warnings in both January and February.
"While it's not unusual to see some fluctuations in these numbers, it could be that attackers, just like many other organizations, are experiencing productivity lags and issues due to global lockdowns and quarantine efforts," said Huntley.