Google has found that most phishing attacks (42%) target Gmail users in the US. Users in the UK were the second most targeted, with 10% of attacks. Japan came in third with 5% of phishing attacks. The researchers note that most attacks reuse the same English email templates, although attackers often adjust the language based on the targeted nations: “78% of the attacks targeting users in Japan occurred in Japanese, while 66% of attacks targeting Brazilian users occurred in Portuguese.”
The researchers also found that most phishing campaigns are “brief and bursty,” lasting about one to three days and targeting between 100 to 1,000 users with each email template. Attackers launch many of these campaigns, however, so the numbers quickly add up.
“In a single week, these small-scale campaigns accounted for over 100 million phishing and malware emails in aggregate, targeting Gmail users around the globe,” the researchers write.
Google shares the following findings related to the likelihood of certain users receiving phishing emails:
“Having your email or other personal details exposed in a third-party data breach increased the odds of being targeted by phishing or malware by 5X.
“Where you live also affects risk. In Australia, users faced 2X the odds of attack compared to the United States, despite the United States being the most popular target by volume (not per capita).
“With respect to demographics, the odds of experiencing an attack was 1.64X higher for 55- to 64-year-olds, compared to 18- to 24-year-olds.
“Mobile-only users experienced lower odds of attack: 0.80X compared to multi-device users. This may stem from socioeconomic factors related to device ownership and attackers targeting wealthier groups.”
Users can defend themselves against phishing attacks if they know how to spot them. New-school security awareness training with simulated phishing attempts can help your employees recognize and thwart social engineering attacks.
Google has the story.