Google ranks Gmail malware targets: Here's how your sector rates on malicious spam
Real-estate businesses receive 10 times more spam with malicious links or attachments than organizations in healthcare and sciences, according to Google's analysis of spam targeting G Suite users in the first quarter of 2017.
Google doesn't explain why real-estate businesses are being targeted, but the Boston division of the FBI in December warned of a dramatic surge in "business email compromise" fraud targeting businesses in the city, singling out real-estate agents as frequent targets.
It counted 370 victims in its division, with losses totaling $33m. Individual losses ranged from $500 to $5.9m.
Attackers also sent 4.3 times more malicious attachments and 6.2 times more phishing emails to corporate Gmail accounts than personal Gmail inboxes, according to Google. The report profiles targeted attacks against G Suite users across different sectors and countries.
Google says it wants to expose email attack trends to highlight notable differences between industries so that security pros can tailor defenses to these threats.
In slides from a presentation by Google's anti-fraud team at RSA this week, Google reveals that science-related firms in Germany receive 9.6 times more phishing emails than US counterparts.
Additionally, nonprofits are more than twice as likely to receive malware in email as businesses or government organizations. On the other hand, corporate inboxes are 3.2 times more likely to receive phishing email than educational organizations.
The company also highlights a spam attack on May 5 that attempted to spread the Locky file encrypting ransomware, which was often embedded in JavaScript files in ZIP attachments.
Locky spam was being blocked by Gmail on May 5 at a rate of 30 million messages per hour, up from 20 million per hour the day before. Security researchers reported an uptick in malicious JavaScript attachments early last year.
The Locky attack goes some way to explaining Google's recent move to block all JavaScript or .js attachments in Gmail.
Google's numbers also show that companies most targeted by spam in general are firms in the entertainment, IT, and housing sectors, while phishing attacks are far more likely for organizations in finance, arts and IT.
More on security
- Zuckerberg's epic Facebook manifesto redacted to omit plans for AI to monitor private messages
- Australia's culture of trust is leaving the country vulnerable: Kaspersky Lab
- Vendor Security Alliance scales up efforts, aims for faster vendor vetting
- Lone hacker Rasputin breaches 60 universities, federal agencies
- Xen Project asks to limit security vulnerability advisories
- Microsoft to delay its February patches to March 14