Google: Here's why some people get more phishing emails and malware spam

Gmail stops 99.9% of phishing attacks from reaching inboxes - but that doesn't stop scammers trying new things in an effort to sneak through defences.
Written by Danny Palmer, Senior Writer

Cyber criminals are constantly adapting techniques to distribute phishing emails, but simply having your email address or other personal details exposed in a data breach makes you five times more likely to be targeted.

Google teamed up with Stanford University to analyse over a billion phishing emails that cyber criminals attempted to send to Gmail users between April and August last year. The analysis found that having personal information leaked in a third-party data breach following a hacking incident drastically increases the odds of being targeted with phishing emails, compared with users who haven't had their details published.

Other factors that might make it more likely for you to be hit with phishing according to Google's model include:

  • Where you live: in Australia, users faced 2X the odds of attack compared to the US, even though the US is the most popular target by volume (not per capita).

  • The odds of experiencing an attack were 1.64X higher for 55- to 64-year-olds, compared to 18- to 24-year-olds.

  • Mobile-only users experienced lower odds of attack: 0.80X compared to multi-device users. Google said this "may stem from socioeconomic factors related to device ownership and attackers targeting wealthier groups."

Google says it prevents 99% of the over one hundred million emails containing spam, phishing links and malware sent out by cyber criminals each day from reaching inboxes – but there are common tricks that attackers use in an effort to bypass protections.

This involves a reliance on fast-churning campaigns, with certain email templates only sent out over a brief period. Sometimes campaigns can last less than a day before cyber criminals move on to attempting to use a different template for email scams.

However, the research paper also notes that phishing is an ever-evolving area and continued study is required to ensure users are as protected as possible from attacks.

"Our measurements act as a first step towards understanding how to evaluate personal security risks. Ultimately, such estimates would enable automatically identifying, recommending, and tailoring protections to those users who need it most," says the paper.

While the users targeted by phishing emails tend to change on a week-to-week basis, the pattern of attacks remains largely the same.

Geography also plays a large role in whether cyber criminals will attempt a phishing attack, with users in the US the most popular targets, accounting for 42% of attacks. That's followed by the UK, which is targeted by one in 10 phishing attacks, and Japan, which is targeted by one in 20 phishing attacks.

While most attackers don't localise their efforts, and use English in messages sent to countries around the world, there are regions where the emails are tailored towards particular languages. For example, 78% of the attacks targeting users in Japan occurred in Japanese, while 66% of attacks targeting Brazilian users occurred in Portuguese.

Google notes that Gmail's phishing and malware protections are turned on by default, but also encourages users to use the Security Checkup function for personalised advice on how to keep their inbox safe from phishing and other malicious attacks.

It's also recommended that enterprise users deploy Google's advanced phishing and malware protection.

