Google is Blocking 18 Million Coronavirus Scam Emails Every Day (bbc.com) 28
1.5 billion people use Gmail, according to a recent article in the BBC. And every day millions of them receive an email about a coronavirus scam:
Scammers are sending 18 million hoax emails about Covid-19 to Gmail users every day, according to Google... The company said it was blocking more than 100 million phishing emails a day. Over the past week, almost a fifth were scam emails related to coronavirus. The virus may now be the biggest phishing topic ever, tech firms say...
The growth in coronavirus-themed phishing is being recorded by several cyber-security companies. Barracuda Networks said it had seen a 667% increase in malicious phishing emails during the pandemic...
Google claims that its machine-learning tools are able to block more than 99.9% of [scam] emails from reaching its users.
The growth in coronavirus-themed phishing is being recorded by several cyber-security companies. Barracuda Networks said it had seen a 667% increase in malicious phishing emails during the pandemic...
Google claims that its machine-learning tools are able to block more than 99.9% of [scam] emails from reaching its users.
Gmail shouldn't be bragging. (Score:3)
The company I work for has properly set up SPF/DKIM/DMARC and yet in our gmail-powered company email some high up employees often get phishing emails asking for bank transfers (with excuses like payroll etc) delivered directly to their inbox (not even spam) with "from" fields like: accounts@ourcompany.com with a "via sendgrid.net" or similar line underneath.
So, all Gmail does with all the authentication SPF/DKIM/DMARC stuff is add a small "via" line under the "from" field. The obvious phishing email is not marked as dangerous and delivered to the inbox directly, where I would guess some not very careful/savvy employees might fall for it - given what we read in the news about such scams.
I wouldn't brag if I were Google, if they are blocking 100 million emails a day, it means they are allowing billions a day to come through.
Re: (Score:3)
Being that Gmail is a service meant for general public usage. While your companies email is mostly setup for Business to Business email.
For your company, a false positive isn't a big deal, and normally you can go to the person who failed to send that email to you. Tell them to upgrade their email server to do this and that, or you can add them to a white list.
You can't do that with general usage emails. As there are legit emails being sent to people from bad servers, and sometimes with seemingly shady cont
Re: (Score:2)
I do not understand what you are saying. If a domain has SPF/DKIM set up, it means that the domain owner expects legitimate emails from this domain to come from specific IP addresses and to have a signature. If an email purporting to come from that domain comes from a different IP and with now signature it is definitely suspicious. Gmail, in our case at least, and from a paid company account, does not even flag such an email in an obvious way (except that "via" line - which is not very visible).
Your suggest
Re: (Score:2)
Depends on the DMARC settings, can be confusing (Score:2)
SPF works on the "envelope from", which is NOT the from address that is visible to the sender.
DMARC says what to do if the header from doesn't match, and reject isn't the only choice. In fact it's not the choice one should start with in many cases. One should first set it to flag such messages, then only after confirming none are flagged should it be changed to reject.
It's not unheard of for an admin to set up DKIM in test mode and forget to switch it to reject mode.
Re: (Score:1)
> So, all Gmail does with all the authentication SPF/DKIM/DMARC stuff is add a small "via" line under the "from" field.
Google/Gmail are blocking SPF fails and softfails and throttling SPF neutrals. They are overzealous in their SPF part in "sender authentication". If they are ignoring DKIM or running DMARC/SPF checks against envelope sender instead of From, then it would be other side of story and you should be checking how people manage to bypass your DMARC policy.
Re: (Score:2)
Re: (Score:2)
Do you get access to sysadmin logs on G Suite?
I am not a sysadmin - not my area, so I had no part in setting up DMARC, I did however use a service that claims to test it by sending an email, just to make sure our sysadmins are not BSing me. It seemed happy enough, what can I say...
Nigerian prince here. (Score:4, Funny)
Re: (Score:1)
Not only have I been getting more spam emails from Google every day, it kept marking nearly any emails I get from conservative sources as "spam".
Examples are NRA, official Trump PACs, and emails from conservative Congresscritters like Rand Paul and others.
Repeatedly flagged as spam by Google.
Never liberal sources (though I receive emails from them, too). Only politically conservative sources were marked as spam.
I consider that to be despicable. Th
So that's why none of my scams have worked (Score:2)
Clearly they're in on it (Score:1)
mumble mumble hoax mumble mumble chinks mumble mumble black helicopter mumble mumble agenda 51 mumble mumble 5g mumble mumble
when is google going to clean their own house (Score:2)
Good enough to be dangerious (Score:2)
The problem with the computing industry is the learning curve involved. It doesn't follow a simple curve or a line. There is a slight curve to get you into a good with the computer category, enough to get you to a point where you can write programs, that are useful. Then the curve flattens for a while where you are good enough to be dangerous. Most people can get to this level from normal internet searches, and youtube videos (Back in my day, I large book on a programming language did the trick). This l
Really? (Score:2)
Blocking Non-COVID (Score:3)
I understand what people mean when they say Google is getting too big.
Only 18 million a day? (Score:1)
Must be a slow week in scammerville.
Where are the "freedom of speech" defenders ? (Score:2)
Where are the "freedom of speech" defenders in this thread ? Isn't Google blocking spam a form of "censorship" ?
Don't the usual arguments apply in this situation also ? Big corporation unilateraly and selectively removing information transiting through its platform. What arguments are they basing their decision on ? Who judges what is "spam" and what is not ? How do they know what is a "hoax" and what is legitimate information ? And doesn't the same apply to all email ? How do they know that my treatement a
Re: Where are the "freedom of speech" defenders ? (Score:1)
No.
I have hired Google to filter unsolicited email. They are doing a respectable job fulfilling their contractual obligations in this regard sufficiently so that I no longer need to run my own server.
Any other questions about the first amendment and censorship? I suggest you read it.
Re: (Score:2)
By "I have hired Google", don't you mean "I have created a gmail address and accepted Google's TOS by clicking 'I Accept' " ?
How is that different than creating a facebook or twitter account by clicking 'I Accept' to their TOS, which, by the way, if you read it, means that you accept that they are free to remove (or for that matter, do whatever the fuck they want to do with) any post they choose, for any reason whatsoever ?
In all cases, you chose to use a free service by accepting the TOS of that service. S
Re: Where are the "freedom of speech" defenders ? (Score:1)
Re: Where are the "freedom of speech" defenders ? (Score:1)
They do.
And google is fucking cancer.
I'm an adult I can decide what I want and don't.
And I sure don't want google.
Thermometers, thermometers, thermometers! (Score:2)