Which users are at higher risk of email-based phishing and malware?

The risk of being targeted with email-based phishing and malware attacks is not evenly spread across geographic and demographic boundaries, Google and Stanford University researchers have discovered.

risk phishing malware

Australian users are, for example, at a higher risk of being targeted that U.S.-based users, and older people are more likely to be targeted than youngsters.

Findings tied to geography and demographics

The researchers have analyzed over 1.2 billion email-based phishing and malware attacks against Gmail users and have singled out some interesting findings.

For example, the United States top the list of countries with the most email-based phishing (28.4%) and malware (51.2%) attacks by volume, but despite that, 16 other countries exhibited a higher risk on average than the U.S. These include DR Congo, Australia, The Netherlands, the U.K., Belgium, Finland, Japan, Lesotho, and Spain.

Malicious emails are predominantly in the English language, especially those targeting users in English-speaking countries (U.S., U.K., Australia, Canada, India), but also in other countries, as well.

“There is some evidence of regional attackers: 78% of the attacks targeting users in Japan occured in Japanese, while 66% of attacks targeting Brazilian users occured in Portuguese,” the researchers noted.

While nearly 90% of phishing emails directed at Dutch users and 80% of those directed at Spanish users are in English, French users are more likely to be hit with a phishing email in French.

Compared to phishing emails, emails delivering malware are generally more likely to be in English that in a local language.

“The odds of being attacked increases with age, with people over 65 years old facing 1.50 times the risk compared to 18–24 year olds who face the lowest risk,” the researchers pointed out.

“One possible explanation is that attackers specifically target older users, potentially due to their reported higher susceptibility to deception and coercion. Alternatively, these older users may have larger online footprints, thus making discovery of their accounts easier.”

Other interesting discoveries

One (unsurprising) discovery is that users who’ve had their personal data exposed in various data breaches are (on average) five times more likely to come under attack that those that haven’t. There’s also some indication that data stolen in third-party breaches might be more used to mount email phishing attacks that malware attacks.

Then, users who just use their mobile phones to access their Gmail account are the least likely to be targeted, and those that use multiple devices (both mobile and desktop) are the most likely to be targeted. Whether that’s because attackers are more likely to target wealthier users/groups or because those who have multiple devices are more likely to have a larger online footprint is unknown.

“We find only a nominal difference between the odds that someone with two-factor authentication enabled will experience and attack versus password-only authentication. This suggests that many users who are at risk of attack have yet to enable additional protections,” the researchers added.

“At the same time, we find that users who have proactively established a recovery mechanism face a higher odds of attack. These users would likely be better protected by strict two-factor authentication.”

Don't miss