Pierluigi Paganini February 13, 2021

Google revealed that Gmail users from the United States are the most targeted by email-based phishing and malware.

A joint five-month study conducted by Google with Stanford University researchers analyzed over 1.2 billion email-based phishing and malware attacks against Gmail users to determine what are factors influence the risk of attack.

Experts discovered that malicious campaigns are typically short-lived and indiscriminately target users worldwide.

“However, by modeling the distribution of targeted users, we find that a person’s demographics, location, email usage patterns, and security posture all significantly influence the likelihood of attack.” reads the study published by Google. “During our measurement window, we find that attackers targeted, on average, 17.0 million users every week with hundreds of thousands of campaigns that last a median of just one day. These attacks follow a skewed distribution: 10% of phishing campaigns accounted for 76% of phishing attacks, and 10% of malware campaigns accounted for 61% of malicious attachments. Attackers broadly targeted users around the globe as part of their campaigns, with the majority of targets residing in North America and Europe. While 90% of attacks occurred in English, we show evidence that some attackers localize their efforts.”

According to the study, 42% of all targets were from the US, followed by the UK (10% of all attacks) and Japan (5% of attacks).

Both phishing and malware attacks are bursty, experts observed the volume of attacks increasing by 500% at times from week to week. At its peak, the researchers observed 117 million phishing emails targeting 41 million distinct users during the week of May 11, 2020.

“Over the course of our measurement period, we observed a total of
406,002 distinct phishing campaigns and 1,724,160 malware campaigns. Both classes of attacks exhibit a highly skewed distribution.
The top 10% of phishing campaigns account for 76% of phishing
emails, while the top 10% of malware campaigns account for 61% of
emails with malicious attachments.” continues the report.

According to the experts, 89% of malware campaigns last just one day, while the median phishing campaign lasts three days or less. The short duration
a choice of the attackers to evade detection.

Other factors of high risk of being targeted by phishing attacks reported by the experts are:

• The availability of email or other personal details online froom a third-party data breach.
• The country where a user accesses Gmail, the highest risk countries are in Europe and Africa.
• The age, 55- to 64-year-olds are more exposed to attacks compared to 18- to 24-year-olds.
• Type of devices. Compared to users owning multiple types of devices, users who own only a personal computer face slightly lower odds of targeting (0.90) and mobile-only users face even lower risks of attack (0.80).
• Email activity. The odds of being targeted increase with the level of engagement with Gmail. Of course, active users face higher likelihoods of being targeted, with those most frequently interacting with Gmail being, on average, 5.18 times more likely to be targeted than an inactive user.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Pierluigi Paganini

(SecurityAffairs – hacking, Gmail)

[adrotate banner=”5″]

[adrotate banner=”13″]