<< Prev. Email: Spam or Scam Emails

During the COVID-19 lockdown time, the phishing activity has increased; hence you need to be more vigilant with unknown emails.

“Prevention is better than cure.”

If your anti-virus or anti-malware mark an email as scam, fraud or phishing, do not try to click on its URL's or open an attachment, as they may infect the system. A lot of businesses have lost millions of dollars to redeem their affected companies or corporations.

Somebody opens the attachment looking like a Word or Excel file, and then a hidden malicious file encrypts all the files and folders and infects the system with ransomware. Later the hacker starts the extortion process and provides a bitcoin address and amount to transfer to redeem.

Google Initiative to Control Email threats

  • Put the proactive monitoring in place for COVID-19-related malware and phishing across systems and workflows. G Suite users automatically have advanced phishing, and malware controls are turned on by default as proactive protection.
  • Identify the threat and add it to the Safe Browsing API to protect Gmail, Chrome, and other integrated product users.
  • Display warning banner for emails with unusual attachment types and trying to spoof the user's domain. Gmail sends them to spam or quarantine them.
  • Scan linked images and identify links behind shortened URLs
  • It protects against:
    • documents that contain malicious scripts that can harm devices 
    • attachment file types that are uncommon for a user's domain
    • sender's name is in the G Suite directory, but the email isn't from the user's company domain or domain aliases
  • Phishing and malware emails routed to new or existing quarantine
  • According to Google, it is necessary to implement DMARC (Domain-based Message Authentication, Reporting, and Conformance) and highlight the necessity of email authentication to improve security, making it harder for bad actors to impersonate the who.int domain.
  • Preventing malicious emails from reaching the recipient's inbox while ensuring legitimate communication gets through.

>> Next Page: Vigilance Against hacking Activity