In February of this year I told you that Google released a new study that it did in conjunction with researchers at Stanford University in which it studied more than a billion malicious emails targeting gmail users.  The study has a number of interesting points that can help us all protect ourselves from phishing and spear phishing emails.  Phishing and the more specifically tailored and targeted spear phishing emails are the primary way that malware is delivered, data breaches are accomplished and many scams originate.  These legitimate appearing phishing and spear phishing emails most commonly lure victims into either providing personal information that is used to make you a victim of identity theft or to click on links infected with malware such as ransomware or keystroke logging malware that can enable the hacker to go through your computer or phone for information that can be used to make you a victim of identity theft.

The study found how massive the threat of phishing and spear phishing emails are with the number of phishing emails totaling more than a hundred million each day.  During the pandemic, at its peak, the number of phishing and spear phishing emails related to the Coronavirus pandemic reached as high as 18 million in a single day.

Recently scammers have been using Netflix’s popular series “Squid Game” as a hook in a recent onslaught of spear phishing emails promoting a sneak peek at a second season of “Squid Games” although the truth is that the show has not at this time been renewed.  In addition, as a further lure to induce people receiving the email to click on an infected link, some of the emails indicate that the person receiving the email could be cast as a character in the upcoming season.  All of this is done to entice people into clicking on links in the emails that are infected with serious malware.

So what can you do to protect yourself?


First and foremost you should remember my motto, “trust me, you can’t trust anyone.”  Whenever you get an email requesting personal information or asking you to click on a link, you should be skeptical.  You can never be sure who is actually contacting you.  The first thing you should do is check the email address of the sender.  Often phishing and spear phishing emails are sent in large number by criminals using botnets which are networks of  hacked and infected computers used by cybercriminals to send out phishing emails in a manner that cannot readily be traced back to them.  However, if you get a phishing email that appears to come from Netflix for example and the email address of the sender is that of a individual person, you can be confident that the email is a phishing email and you should ignore it and delete it.

Even if the email address of the sender appears to be legitimate, sophisticated cybercriminals can make the email address appear to be that of a legitimate source.  Still you shouldn’t trust it, but rather should absolutely confirm any email that asks for personal information or for you to click on a link that it is legitimate.

You should also use strong security software on all of your electronic devices including your phone and computer, however, you should not rely on these to be foolproof.  Never underestimate the power of a fool or a cybercriminal.  Even if you keep your security software updated with the latest security patches as soon as they are made available (which is very important to do), the latest versions of malware are always at least a month ahead of the security software companies.

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link.