Threat actors constantly innovate and adopt new techniques to perform their phishing activities successfully. They often leverage compromised email IDs, login credentials, and other personal data that is exposed in data breaches, or data available on darknet forums. Users who had their private information exposed in cyberattacks earlier are more prone to phishing attacks.
To determine why some users are more likely targeted by phishing scams, Google teamed up with security researchers at Stanford University to study the intentions of malicious actors. “We measure over 1.2 billion email-based phishing and malware attacks against Gmail users to understand what factors place a person at heightened risk of attack,” Google said.
Google Blocks 99.9% Phishing Mails
Google stated that it blocks more than 100 million spam and malicious emails from reaching Gmail users. The search engine giant observed over 18 million COVID-19-related malware and phishing emails daily during the pandemic, in addition to more than 240 million COVID-19-related spam messages. Google’s machine learning models understand and filter more than 99.9% of spam, phishing, and malware from reaching its users.
U.S. Gmail Users are Most Targeted
Based on its five-month-long investigation, Google discovered that users in the U.S. were the most popular targets for phishing attacks (42%), followed by the U.K. (10%), and Japan (5%). The study also found that the attackers pre-plan their phishing campaigns by leveraging botnets and malicious attachments.
Who are at High Risk?
- Users who have exposed their email or other personal details in a third-party data breach are likely targeted by phishing or malware by 5X.
- User location matters. Where you live also affects risk. In Australia, users faced 2X the odds of attack compared to the U.S., despite the U.S. being the most popular target by volume.
- With respect to demographics, the odds of experiencing an attack was 1.64X higher for 55- to 64-year-olds, compared to 18- to 24-year-olds.
- Mobile-only users experienced lower odds of attack – 0.80X compared to multi-device users.
- Most attackers don’t localize their efforts, using the same English email template for users in multiple countries.
- There is, however, some evidence of regional attackers. Nearly 78% of the attacks targeting users in Japan occurred in Japanese, while 66% of attacks targeting Brazilian users occurred in Portuguese.
- Threat actors rely on fast-churning campaigns. A similar email based on a template is sent to 100–1,000 targets on average.
- The campaigns are brief, lasting just one to three days on average.
- In a single week, these small-scale campaigns accounted for over 100 million phishing and malware emails in aggregate, targeting Gmail users around the globe.
Though Gmail’s phishing and malware protections are turned on by default, Google recommended certain security tips to avoid any phishing risks. These include:
- Complete a Security Checkup for personalized and actionable security advice.
- If appropriate, consider enrolling in Google’s Advanced Protection Program, which provides Google’s strongest security to users at increased risk of targeted online attacks.
- Enable Enhanced Safe Browsing Protectionin Google Chrome to substantially increase your defenses against dangerous websites and downloads on the web.