In an effort to better understand why some users are more heavily targeted by phishing emails and malware, Google teamed up with researchers at Stanford University to study over a billion malicious emails and their intended targets.
By aggregating and analyzing all of the malicious campaigns blocked by Gmail over a five-month period, Google found that users in the US were the most popular targets (42%), followed by the United Kingdom (10%) and Japan (5%). The study also revealed that most cybercriminals don't localize their efforts and instead use the same English email templates for users in multiple countries.
At the same time, Google and Stanford University found that the attackers and botnets distributing phishing and malware emails rely on fast campaigns that last from just one day to three days on average. In a single week, these small-scale campaigns accounted for over 100m phishing and malware emails in aggregate, targeting Gmail users worldwide.
In addition to analyzing how the cybercriminals behind phishing and malware campaigns operate, Google also analyzed what factors put a user at higher risk of an attack.
To do this, the company created a model that used an anonymization technique called “k-anonymity” to ensure any risk trends identified applied to a broad group of similar users. The likelihood of receiving a phishing or malware email in a given week was modeled as a function of geographic location, demographics, security posture, device access and prior security incidents.
The model found that users whose emails or personal details were exposed in a previous third-party data breach were five times more likely to be targeted by phishing or malware. Where you live also affects risk: Australian users were two times more likely to be targeted than users in the US, even though the US is the most popular target by volume and not per capita. Age plays a role as well: users between 55 and 64 are 1.64 times more likely to be targeted than 18 to 24-year-olds.
Finally, the study found that mobile-only users are 0.80 times less likely to experience an attack compared to multi-device users. However, this may stem from socioeconomic factors related to device ownership and from attackers targeting wealthier groups.
To protect yourself from malware and phishing emails, Google recommends that users complete a Security Checkup, enroll in its Advanced Protection program and consider signing up for Google Workspace for its advanced phishing and malware protections, which are turned on by default.