Security news that informs and inspires

Email Attackers Target Victims Based on Demographics

Attackers consider demographics data such as age and where the user lives when crafting email-based attacks and identifying who will be targeted. The analysis of whether or not a person will be a victim happens for broad "cast a wide net" attacks, as well.

Risk is not evenly spread out among users across geographic and demographic boundaries, a joint study by researchers from Google and Stanford University found. Some users, irrespective of their security practices, are more likely to be targeted than others. There were certain factors that put a user at a higher risk: already being a victim, location, and age. There were other factors at play, with smaller effects, such as the frequency of Gmail usage and whether the person used mostly mobile devices or also used a personal computer, as well.

The researchers studied phishing and malware attacks--approximately 1.2 billion messages--against Gmail users over a five month period. Phishing and malware email attacks tended to be short-lived campaigns. Emails based on a template were sent to 100 to 1,000 targets on average, over a one to three day period. In a single week, these small-scale campaigns accounted for over 100 million phishing and malware emails, targeting Gmail users around the world, said Kurt Thomas, a research scientist at Google's security and anti-abuse research group, and Neil Kumaran, a Gmail security product manager.

There were 18 million daily malware and phishing emails related to COVID-19 on top of over 240 million COVID-related spam messages hitting Gmail servers in the early months of the pandemic.

The strongest indicator that a user would be targeted was having private data exposed in a different breach. Having email addresses and other personal details exposed in a third-party data breach increased the odds of being targeted by phishing or malware by 5 times.

Location also mattered: people in the United States were most targeted by sheer volume. About 42 percent of the attacks tracked in the study targeted people in the United States. Consider the disparity between the most targeted and second-most targeted: just 10 percent of the attack volume targeted people in the United Kingdom. The highest risk countries, however, were clustered in Europe and Africa. Australians also faced double the odds of an attack per capita.

English-language email templates were frequently reused across different countries. Attackers did improve their localization efforts--78 percent of attacks in Japan were written in Japanese and 66 percent of attacks in Brazil were in Portugeuese, for example--but the attackers were still more likely to focus on English-language speakers.

The biggest factors appeared to be whether someone had been a victim in other breaches or whether they were frequent Gmail users, making the average odds of suffering an attack more than five times higher.

Having your email or other personal details exposed in a third-party data breach increased the odds of being targeted by phishing or malware by 5X. Where you live also affects risk. In Australia, users faced 2X the odds of attack compared to the United States, despite the United States being the most popular target by volume (not per capita).

A lot has been said in the past about how older people have a harder time recognizing attacks, or have more difficulty keeping themselves secure online. The data showed that the chances of getting hit by an email attack was 1.64 times higher for people between the ages of 55 years and 64 years, than those people between the ages of 18 years and 24 years.

The device of choice also had a small effect. Mobile-only users experienced lower odds--just 0.08 times--compared to multi-device users. "This may stem from socioeconomic factors related to device ownership and attackers targeting wealthier groups," the researchers noted.

The campaigns tended to be brief in duration and small in scope, targeting between 100 and 1,000 targets over a period of few days.

“Our results represent a first step towards empirically identifying at-risk user populations and the promise of tailoring protections to those users that need it most,” the researchers wrote. “We hope that future work will build on these insights to add a richer understanding of which factors influence risk, as well as to establish a minimum threshold for who needs high-friction protections.”