Google on April 22 shared that it has come across 18 million malware and phishing Gmail messages per day concerning COVID-19, besides over 240 million COVID-related daily spam messages.

Google’s Threat Analysis Group (TAG) pointed out more than a dozen government-backed attacker groups using COVID-19 themes as an attraction for phishing and malware tries — attempting to catch their targets to click malicious links and download files.

“Our machine learning models have evolved to understand and filter these threats, and we continue to block more than 99.9 percent of spam, phishing, and malware from reaching our users,” stated Shane Huntley from Threat Analysis Group.

The TAG team also came across new, COVID-19-specific targeting of international health organizations, including activity that confirms reporting in Reuters earlier this month and is consistent with the threat actor group often referred to as Charming Kitten.

One notable initiative aimed to target personal accounts of US government employees with phishing lures using American fast-food franchises and COVID-19 messaging.

Some messages offered free meals and coupons in response to COVID-19 while others suggested recipients visit sites disguised as online ordering and delivery options.

Once people clicked on the emails, they were presented with phishing pages designed to trick them into providing their Google account credentials.

The tech giant said that as the world continues to respond to COVID-19, it expects to see new lures and schemes.