Google has found that most phishing attacks (42%) target Gmail users in the US. Users in the UK were the second most targeted, with 10% of attacks. Japan came in third with 5% of phishing attacks. The researchers note that most attacks reuse the same English email templates, although attackers often adjust the language based on the targeted nations: “78% of the attacks targeting users in Japan occurred in Japanese, while 66% of attacks targeting Brazilian users occurred in Portuguese.”
The researchers also found that most phishing campaigns are “brief and bursty,” lasting about one to three days and targeting between 100 to 1,000 users with each email template. Attackers launch many of these campaigns, however, so the numbers quickly add up.
“In a single week, these small-scale campaigns accounted for over 100 million phishing and malware emails in aggregate, targeting Gmail users around the globe,” the researchers write.
Google shares the following findings related to the likelihood of certain users receiving phishing emails:
“Having your email or other personal details exposed in a third-party data breach increased the odds of being targeted by phishing or malware by 5X.
“Where you live also affects risk. In Australia, users faced 2X the odds of attack compared to the United States, despite the United States being the most popular target by volume (not per capita).
“With respect to demographics, the odds of experiencing an attack was 1.64X higher for 55- to 64-year-olds, compared to 18- to 24-year-olds.
“Mobile-only users experienced lower odds of attack: 0.80X compared to multi-device users. This may stem from socioeconomic factors related to device ownership and attackers targeting wealthier groups.”
Users can defend themselves against phishing attacks if they know how to spot them. New-school security awareness training with simulated phishing attempts can help your employees recognize and thwart social engineering attacks.
Google has the story.
Free Phishing Security Test
Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.
Here”s how it works:
Immediately start your test for up to 100 users (no need to talk to anyone)Select from 20+ languages and customize the phishing test template based on your environmentChoose the landing page your users see after they clickShow users which red flags they missed, or a 404 pageGet a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with managementSee how your organization compares to others in your industry
PS: Don”t like to click on redirected buttons? Cut & Paste this link in your browser: