Google

More Warnings Over Scams Aimed at Zoom, Teams and Meet Users

Reports indicate that hackers are still using domains related to popular remote, collaborative working platforms to target users working from home with phishing scams during the lockdown.

Domains

Almost as soon as the lockdown started, there were reports at the beginning of April by Cybersecurity company ‘Check Point’  that there had been a major increase in new domains registered that included the word ‘Zoom’ and other suspicious characteristics. It was also reported at the time that the official classroom.google.com website had been impersonated by googloclassroom.com and googieclassroom.com.

Zoom, Teams, and Meet

The most recent Check Point Research shows that scammers have widened their attack strategy by registered domains not just to pose as Zoom, but also as Microsoft Teams, and Google Meet-related URLs.

Check Point Research reports that, in just the last 3 weeks, 2,449 Zoom-related domains have been registered, 32 of which are malicious and 320 categorised as “suspicious”

WHO Impersonated

Check Point Research also shows that scammers have been sending phishing emails posing as the World Health Organisation with malware attachments and asking for donations to the WHO where any payments made go into known, compromised bitcoin wallets.

The WHO now has a page warning about the risk of being targeted with fraudulent email and WhatsApp messages by scammers taking advantage of the COVID-19 pandemic and claiming to be from the WHO. The page gives advice about how to verify authenticity before responding and how to spot and prevent phishing.  See https://www.who.int/about/communications/cyber-security

Nation-State Cyber Espionage To Steal COVID-19 Research

In a more sinister turn, the UK’s National Cyber Security Centre (NCSC) has reported that UK universities and scientific institutes involved in COVID-19 research are being targeted with cyber espionage by nation state-sponsored actors e.g. Russia, Iran, and China, allegedly looking for information about studies conducted by UK organisations related to the COVID-19 pandemic.

Protection

Ways that users can protect their computers/devices, networks and businesses from these types of threats, as suggested by Check Point, include being extra cautious with emails and files from unfamiliar senders, not opening attachments or clicking on links in emails (phishing scams), and by paying close attention to the spelling of domains, email addresses and spelling errors in emails/on websites.  Check Point also suggests Googling the company you are looking for to find their official website rather than just clicking on a link in an email, which could redirect to a fake (phishing) site.

What Does This Mean For Your Business?

Cybercriminals are quick to capitalise on situations where people have been adversely affected by unusual events and where they know people are in unfamiliar territory.  At the moment, people are also divided geographically and are trying to cope with many situations at the same time, may be a little distracted, and may be less vigilant than normal.  As long as the pandemic continues, these types of scams also look set to continue and evolve.  It is also shocking (but perhaps not surprising) to see how nation states appear to be sponsoring attacks on each other’s research institutions to get an advantage in defeating COVID-19.

The message to businesses, however, is that extra vigilance is still needed and that all employees need to be very careful, particularly in how they deal with emails from unknown sources, or from apparently known sources offering convincing reasons and incentives to click on links or download files.

Google Meet ‘Free For Everyone’

Google has entered the video conferencing market fight with the likes of Zoom and Facebook Messenger as it announces that its ‘Google Meet’ premium video conferencing service will soon be free for everyone.

Google Meet

Google Meet is a video conferencing service that, until now, has only been paid for as part of G Suite, Google’s collaboration and productivity solution for businesses, organisations, and schools.

Google says that Meet will be now available free to anyone on the web at meet.google.com and via mobile apps for iOS or Android (Meet apps can be found in the Apple App Store and Google Play Store). It is also possible to join Meet for free via Google Calendar.

100 Million+ Daily Meeting Participants

Google reports that, since January, Meet’s peak daily usage has grown by 30x and, as of April, Meet has been hosting 3 billion minutes of video meetings and adding approximately 3 million new users every day. Google also says that, as of last week, Meet’s daily meeting participants surpassed 100 million. A reported 6 million companies and organisations now use G Suite.

Limit

Even though Google will soon be offering Meet for free, meetings will be limited to 60 minutes for the free product after 30 September.

What’s Free

The services that businesses and organisations can expect to get for free with Meet include free access to Meet’s advanced features (for G Suite customers) including the ability to live stream for up to 100,000 viewers within a domain, free additional Meet licenses for existing G Suite customers and free G Suite Essentials for enterprise customers.

Not Immediately

Businesses and organisations may have to wait a week or two to get free access to Meet as it will be rolled out gradually from next week.

Compared To Zoom

Although using Meet may be a little more demanding than simply clicking on a link (as with Zoom), Google is keen to point out that Meet users have the benefits of advanced security.

What Does This Mean For Your Business?

The current global need for people to work remotely and yet collaborate effectively has led to fierce competition among tech companies looking to gain large numbers of new users e.g. Zoom, Facebook Messenger (now offering a desktop app), and Microsoft wanting to release a consumer edition of Teams.  Google is the next to throw its hat into the ring and is in a good position to do so with a free version of an already popular premium service. Tech companies realise that if they can lead the remote, collaborative working race now they can gain large numbers of new users, many of whom may become loyal and committed to their platforms and could be monetised later. For businesses and other users, there is now a great deal of choice between the options available for free remote and collaborative working platforms and services, and those which are easiest, add the most value, are most effective and secure and are most compatible with existing resources and practices are likely to be favoured going forward.

Google Blocks 18 Million Coronavirus Scam Emails Per Day

Google is reported to have been blocking 100 million phishing emails per day and 18 million email scams relating specifically to coronavirus.

Millions of Scams and Spam Messages Daily

On its Cloud blog on 16th April, Google reported that Gmail blocks more than 100 million phishing emails each day and over the previous week, it had blocked 8 million daily malware and phishing emails related to COVID-19. Google reports that this was in addition to more than 240 million COVID-related daily spam messages.

Types of Scams

Google reports that the types of scam and phishing emails that it had seen and blocked have been using fear and financial incentives to create urgency in order to prompt users to respond. Examples include:

– Impersonating authoritative government organisations e.g. the World Health Organization (WHO) in order to solicit fraudulent donations or distribute malware. In order to achieve this, scammers were reported to be using downloadable files that can install backdoors.

– Phishing attempts targeted at employees operating in a work-from-home setting asking them to complete a form needed for payroll.

– Phishing attempts, imitating government institutions and targeted at small businesses asking them to click on links related to receiving government stimulus packages.

Proactive Monitoring

Google reports that it has put proactive monitoring in place for COVID-19-related malware and phishing across its systems and workflows and that when threats are identified, they are added to its Safe Browsing API to protect users in Chrome, Gmail, and other integrated Google products.

Not New

As Google acknowledges, many of the current threats are not new but are existing malware campaigns that have just been updated to exploit the heightened attention on COVID-19. Last month, for example, reports of phishing emails included:

– An email purporting (as reported by Proofpoint) to be from a doctor offering details of a vaccine cure that’s been kept secret by the Chinese and UK governments.  Clicking on the link promises access to the vaccine cure details.

– Workplace policy emails that target employees in a specific company/organisation and encourage them to click on a link that will take them to their company’s Disease Management Policy.  Clicking on the link will, in fact, download malicious software that can provide a way into the company network.

– As reported by Mimecast, using the promise of a tax refund for coronavirus, directing the target to click on a link to input all their financial and tax information and with the lure of gaining access to (bogus) funds.

– Asking for donations for a fake campaign to fund the fast development of a COVID-19 vaccine.  In this scam, the victim is directed to a bitcoin payment page.

– An email purporting (again, as reported by Proofpoint) to be from the World Health Organization (WHO) that offers a fake document with information about preventing the spread of coronavirus, where clicking on the link actually leads to the downloading of keylogging software (criminals can track your keystrokes to uncover passwords).

– Emails that exploit feelings of panic, such as an email that claims that COVID-19 has become airborne and asks the target to click on a link to a fake Microsoft login page.

Protecting Yourself Against Phishing Attacks

You can protect yourself and your business from phishing emails and others scams by doing the following:

– Keeping your anti-virus software up to date as well as your patching and other software updates e.g. your OS updates.

– Making sure that all staff and employees are given training and/or are made aware of phishing email threats and that they know the procedure for dealing with emails that appear to be suspicious and/or relate to releasing funds/payments, even if they appear to be from someone in the same company.

– Being on the lookout for online requests for personal and financial information e.g. from government agencies, are very unlikely to be sent by email from legitimate sources.

– Looking out for emails with generic greetings, mistakes in spelling and grammar, and/or heavy emotional appeals that urge you to act immediately, as these are all signs of scam and phishing emails.

– Checking the email address by hovering your mouse (without clicking) over the link in the email. This can quickly reveal if the email is genuine.

Google also recommends that its users could benefit from completing a Google ‘Security Check-up’, and that is G Suite Enterprise and G Suite Enterprise for Education users choose to enable Google’s security sandbox.

What Does This Mean For Your Business?

Since the beginning of the COVID-19 outbreak and the subsequent need for businesses and organisations to have their employees work from home, cybercriminals have seen the whole situation as a big opportunity to exploit the uncertainty, heightened emotions, and physical division of workforces.

Now more than ever, therefore, we should all exercise caution when we receive emails from unknown or unusual sources and remember that government agencies and financial institutions don’t send out emails asking for personal and financial information and that any requests for funds or other even slightly unusual requests that appear to come from within the company need to be checked for authenticity.

Companies need to alert employees, many of whom may soon be working from home (if not already) and may have a reduced ability to quickly ask the boss or manager about certain emails, to the threat of phishing emails with a COVID-19 theme and to the threat of social engineering attacks that could take advantage of a physically divided and reduced workforce.

Google’s Drone-Deliveries Boosted By Pandemic

The value of drone delivery services appears to have been realised now that the world’s population centres are in lockdown, with Alphabet’s (Google’s) drone deliveries doubling in test areas in the U.S. and Australia.

What Drone Delivery Service?

Alphabet Inc.’s Wing service offers parcel delivery by special drone aircraft.  In the U.S. the service was approved by the federal government last October but is being operated in a limited test area around Christiansburg, Virginia.  It is operating using partnerships with FedEx Corp., the Walgreens store chain (for medicine, toilet roll and similar deliveries), and with a local bakery and a coffee shop. Wing is also working as part of an approved program with Virginia Tech.

Alphabet’s Wing also has a drone delivery service in the Vuosaari district of Helsinki in Finland and in Canberra, Australia where it delivers goods from a variety of vendors including Mitchell Supermarket, Krofne Donuts and even Drummond Golf (golf balls, tees and gloves).

It is the drone deliveries in the Christiansburg, Virginia area of the U.S. and in Canberra, Australia that are reported to have doubled their deliveries in response to demand from customers who are staying at home.

Other Drone Delivery Services

Wing is, of course, not the only drone delivery service.  Amazon’s Prime Air delivery service, which made test deliveries as far back as 2016 and 2017 still exists but is described by Amazon as “a future delivery system” which has “great potential”, but does seem to have gone somewhat quiet since the much-publicised tests.

In The UK

Drone services are already in operation in the UK, offering a variety of services and performing a number of duties.  In addition to drones used in the promotions and film industries, UK agencies also use drones.  For example, back in 2017, Suffolk Fire and Rescue Service and multi-agency partners (Fire and Rescue, Constabulary, County Council and others) launched a shared drone service to provide a range of aerial surveillance options in support of emergency services and voluntary organisations.

Drones In The Pandemic and Beyond

Reports of other uses of drones in the pandemic and beyond include:

– Reports from Jerusalem that Israeli police have been using drones outside apartment buildings to check whether people who have been ordered to self-isolate are doing so.

– Spanish police and the French police using drones with speakers around public places to warn people to go home.

– The University of South Australia (UniSA) and Canada-based drone technology specialist ‘Draganfly’ teaming up to create a drone that can use sensors and computer vision to spot people with infectious respiratory diseases.

What Does This Mean For Your Business?

Clearly, drone delivery options are still a long way off for most of us, but the pandemic has highlighted more elements of value in them that are being applied in the test areas for local shop deliveries during the pandemic, and for use in disease control on the post-pandemic modern world that we now find ourselves entering.  Drones have also been used for medical purposes (live organ delivery) and could prove valuable again for moving medical and other help into closed-off areas where there is disease in future.

For now, and in the near future, we are still waiting for the tech giants in conjunction with business partners to expand the scale and scope of drone delivery so that it can begin to add value and provide a competitive edge for all kinds of businesses and organisations.

Make Your Own Adverts With YouTube’s Free Video Builder Tool

YouTube has launched YouTube Video Builder, a free tool that enables businesses to easily make short video adverts.

Easy To Use

The new free (beta) Video Builder tool enables users to create video animations from static elements such as images, text and logos, and to enhance those videos with music from YouTube’s (Google’s) library. Users can choose from a variety of layouts, depending on the message and goals, and can customise colours and fonts to quickly generate a short YouTube video of 6 seconds or 15 seconds duration.

Why?

YouTube says that the new tool will be of particular value because businesses of all sizes have limited time and resources and that in-person video shoots “are no longer practical in many countries”.  The YouTube Video Builder may also be of use to brands or agencies who may want to experiment and create supplemental, lightweight videos, and to smaller businesses and businesses with less creative experience, who need an efficient, low-resource way to create videos.

YouTube suggests that the completed videos can be used for advertising campaigns, on websites or in emails.

How It Works & How To Sign Up

You can see how Video Builder works by watching this video or by reading this guide.  YouTube says that you can sign up for access to Video Builder here, but you may have to wait for your application to be processed and to be granted access.

Banning Conspiracy Videos

This is the second positive news announcement in a week from YouTube (Google) after it announced that it is banning all conspiracy videos that promote the idea of a link between 5G and the emergence of the COVID-19 virus.

Good News From Microsoft Too

Microsoft is also promoting some of its own good news this week as it has announced help for UK school students who are working at home in the form of helping the UK’s 27,000 schools run lessons remotely using Microsoft Teams, Office 365, and other software like Minecraft: Education Edition, Flip grid, Skype in the Classroom and InTune.

What Does This Mean For Your Business?

Even though it’s still in the beta stage, a free, easy-to-use video ad-making tool could be a useful, value-adding addition to the promotional tools used by mainly smaller businesses.  Many of these businesses are likely to be under considerable strain with the COVID-19 lockdown and its effects, and there may be many ways in which short, professional-looking video announcements and adverts could come in useful to those businesses in the coming months.  For YouTube (Google), this is another way that they can remind users of the value of its suite of business services at a time when businesses may be spending a lot of time on other competing platforms.

YouTube Bans 5G and COVID-19 Link Conspiracy Videos

After a recent live-streamed interview with David Icke linked the introduction of 5G technology to the emergence of the COVID-19 the pandemic, Google’s YouTube has now banned all 5G conspiracy videos.

5G Theory Far-Fetched

Mr Icke’s interview, which was watched by a reported 65,000 people and in which he alleged a possible link between 5G and the COVID-19 health crisis, appears to have been the ‘straw that broke the camel’s back’ for YouTube.

Among the many controversial elements of the broadcast, Mr Icke appeared to say that a continuation of 5G would lead to the end of human life, and alleged that when a vaccine is developed, it will somehow contain small microchips that will allow those who have been injected with it to be controlled.

Mr Icke’s interview and the resulting questions to YouTube about why the video was allowed on the platform appear to have had a strong influence on YouTube deciding to tighten its policies to the point where other videos with similar claims will now be banned from the platform.

Unsubstantiated Medical Claim Worries

YouTube is now very keen to point out that it will not tolerate videos on its platform that deny/dispute the existence or transmission of COVID-19 as defined by the respected medical authorities i.e. the World Health Organisation (WHO) and local health authorities. YouTube includes in this definition, any videos relating to the 5G and COVID-19 conspiracy theory.

For conspiracy theorists, of course, the banning of their videos is likely to feed even more into their beliefs.

Masts Set Ablaze

The 5G and COVID-19 conspiracy theory is very likely to have been the reason why a number of 5G masts were set on fire recently in Birmingham, Liverpool and Melling in Merseyside.

This led to the UK’s Culture Secretary, Oliver Dowden, to arrange meetings with the representatives of the big tech companies and to ask social media companies to try and increase their efforts to tackle the spread on their platforms, of 5G and Coronavirus conspiracy theory.

What Does This Mean For Your Business?

There will always be those who are more likely to believe and share conspiracy theories and to try to feel in control of complicated situations and ideas by finding an apparently simple solution and apportioning blame.  It must be frustrating and expensive for phone companies to have their masts attacked and many businesses are looking forward to having the benefits of 5G, even though those seem some way off.

Also, it is good to see that Google is prepared to take action quickly in matters which could pose a risk to public health.

Data Reveals Business Worries About Remote Working Challenges

London-based security company Redscan has reported that recent Google searches reveal how businesses are focused on how they can adapt to the security and technology challenges posed by remote working.

Not Prepared

This does appear to show, perhaps not surprisingly, given the speed at which the spread of the COVID-19 virus led to the temporary closure of business premises and a lockdown, that businesses were not fully prepared to manage business continuity and the challenges created by this rather unexpected threat.

COVID-19 Phishing Scams

Redscan reported that, for the first time in many years, ‘COVID-19’ and not ‘Apple’ has become the most searched-for term in relation to phishing campaigns.

Business Continuity

Redscan has also reported that searches for “business continuity plan” reached an all-time high in Google from 8 March to 21 March.  Other searched for terms that hit record-levels included “remote working”, “remote access” and “VPN”.

Redscan’s CTO, Mark Nicholls, says on the company’s website that the popularity of “business continuity” as a search term “suggests that many businesses did not already have a continuity plan in place, and now is hardly an ideal time to implement one”.

Mr Nicolls also highlights how the pandemic has provided cybercriminals with “a unique opportunity to target remote employees” and suggests that “employee cyber awareness training and proactive network and endpoint monitoring are more important than ever”.

Collaborative Working Tools

Search terms relating to popular collaborative working tools such as ‘Zoom’ (the most searched for), GoToMeeting, WebEx, Slack and Microsoft Teams have also seen huge search volumes in Google in recent weeks.

What Does This Mean For Your Business?

The volume of searches for ‘business continuity plan’ suggests that many businesses don’t have one and have been forced into very quickly searching for information about keeping their business going in during the most challenging conditions since WW2.

Last week, research by Check Point indicated that cybercriminals may be targeting the video conferencing app ‘Zoom’ while in recent weeks there have been reports of several different phishing scams going around.  These include emails purporting to be from doctors offering details of a vaccine cure that’s been kept secret by the Chinese and UK governments, emails with fake links to disease management policies, fake promises of tax refunds for coronavirus, and fake emails asking for donations to fund the fast development of a COVID-19 vaccine. It appears, therefore, to be a sound observation from Redscan that employee cyber awareness training and network and endpoint monitoring are more important than ever, and businesses need to be extra vigilant as cybercriminals are seeking to exploit this extraordinary situation to steal data, money, and/or install malicious software on business networks.