As people around the world are staying at home due to COVID-19, many are turning to new apps and communications tools to work, learn, access information, and stay connected with loved ones.
While these digital platforms are helpful in our daily lives, they can also introduce new online security risks. Our Threat Analysis Group continually monitors for sophisticated hacking activity, and our security systems have detected a range of new scams such as phishing emails posing as messages from charities and NGOs battling COVID-19, directions from “administrators” to employees working from home, and even notices spoofing healthcare providers. During the past couple of weeks across the globe, our advanced machine-learning classifiers have seen 18 million daily malware and phishing attempts related to COVID-19, in addition to more than 240 million COVID-related spam messages.
To protect you from these risks, we've built advanced security protections into Google products to automatically identify and stop threats before they ever reach you. Our machine learning models in Gmail already detect and block more than 99.9 percent of spam, phishing and malware. The security we have built into Chrome browser also protects you by alerting you before you enter fraudulent websites, Google Play Protect automatically scans apps and data on your Android device so that you have the latest in mobile security, and more.
But we want to help you stay secure everywhere online, not just on our products, so we’re providing these simple tips, tools and resources.
Know how to spot and avoid COVID-19 scams
With many of the COVID-19 related scams coming in the form of phishing emails, it’s important to pause and evaluate any COVID-19 related email before clicking any links or taking other actions. Be wary of requests for personal information such as your home address or bank details. Fake links often imitate established websites by adding extra words or letters to them—check the URL’s validity by hovering over it (on desktop) or with a long press (on mobile). See the image below for a few key tips to be aware of.
Use a password manager to create and store strong passwords
With all the new applications and services you might be using for work and school purposes, it can be tempting to use just one password for all. To keep your private information private, always use unique, hard-to-guess passwords. A password manager, like the one built into Android, Chrome, and your Google Account can help make this easier.
Protect your Google Account
If you use a Google Account, you can easily review any recent security issues and get personalized recommendations to help protect your data and devices with the Security Checkup. Within this tool, you can also run a Password Checkup to learn if any of your saved passwords for third party sites or accounts have been compromised, and then easily change them if needed.
You should also consider adding two-step verification (also known as two-factor authentication), which you likely already have in place for online banking and other similar services, to provide an extra layer of security. This helps keep out anyone who shouldn’t have access to your accounts by requiring a secondary factor on top of your username and password to sign in. To set this up for your Google Account, go to g.co/2SV. And if you’re someone who is at risk of a targeted attack—like a journalist, activist, politician or a high profile healthcare professional—enroll in the Advanced Protection Program, our strongest security offering, at g.co/advancedprotection.
Our teams continue to monitor the evolving online security threats connected to COVID-19 so that we can keep you informed and protected. For more tips to help you improve your online security, visit our Safety Center.