Galaxy Z Flip 4 Preorder Quest 2: Still the Best Student Internet Discounts Best 55-Inch TV Galaxy Z Fold 4 Preorder Nintendo Switch OLED Review Foldable iPhone? 41% Off 43-Inch Amazon Fire TV
Want CNET to notify you of price drops and the latest stories?
No, thank you

Hackers tempt federal workers with free fast food in COVID-19 scams

Cyberspies backed by foreign governments are using offers of free meals to trick US government workers into revealing login information, Google says.

A novelty hamburger with a bun that looks like the coronavirus
Be careful -- that free burger may not be what it seems.
Manan Vatsyayana/Getty Images
For the most up-to-date news and information about the coronavirus pandemic, visit the WHO and CDC websites.

Hackers are finding every opportunity they can to exploit the coronavirus pandemic, even using the disease to promise free meals for government officials, Google detailed in a report Wednesday. 

The tech giant said it's been blocking 18 million malicious coronavirus emails every day, and that's not including the 240 million spam emails related to the virus. Cybercriminals are not the only ones taking advantage of the pandemic. Google's Threat Analysis Group said it's found more than a dozen hacking groups backed by various governments that are using COVID-19 as a cover for tricking people into clicking malicious links. 

The attacks differ from cybercriminal schemes in that government-backed hackers are often doing it for espionage purposes rather than financial gain. Google said it found one campaign that targeted US government employees by offering coupons and free meals from American fast food chains. 

The scam involved COVID-19 messaging and directed victims to a website disguised as a page for arranging meal deliveries. The ploy was designed to steal government workers' Google account login credentials, the tech giant said. 


Here's where the hacking campaigns have been targeting attacks.


"We're not aware of any user having their account compromised by this campaign, but as usual, we notify all targeted users with a 'government-backed attacker' warning," Google's Threat Analysis Group director, Shane Huntley, said in a post

The attacks have targeted government officials on every continent except Antarctica, but the fast food phishing scam was used only in the US.

Hackers are also targeting health organizations and their employees. Huntley said the team has seen websites designed to look like the World Health Organization's login page, and emails pretending to ask for research and insight on COVID-19.

Google said it was adding extra security protections for more than 50,000 accounts belonging to health organizations such as the WHO.

Now playing: Watch this: How this drone can help stop the spread of coronavirus