Who is targeted by email-based phishing and malware?

Google and Standford University performed a study on over 1.2 billion email-based phishing and malware attacks against Gmail users to understand what factors place a person at heightened risk of attack.

About the Gmail phishing and malware user study

  • A joint five-month study conducted by Google with Stanford University researchers.
  • Anonymized email from Gmail consumer users between April 7 and August 31, 2020.
  • 1.2 billion email-based phishing and malware attacks analyzed.
  • 531,970,56 phishing emails were analyzed.
  • 679,835,204 malware emails were analyzed.
  • On average, 17.0 million users were targeted on a weekly basis.

Observations about phishing and malware campaign size

  • A total of 406,002 distinct phishing campaigns were observed.
  • A total of 724,160 malware campaigns were observed.
  • The top 10% of phishing campaigns accounted for 76% of phishing emails.
  • The top 10% of malware campaigns accounted for 61% of emails with malicious attachments.
  • 91% of phishing campaigns distributed less than 1,000 emails.
  • 99% of malware campaigns distributed less than 1,000 emails.

Observations about phishing and malware campaign duration

  • 89% of malware campaigns last just one day.
  • 80% of phishing campaigns last less than one week.
  • Traffic to phishing pages has been found to disappear within a few hours after detection.

What Gmail users get targeted by phishing and malware campaigns?

  • Attackers focus their phishing and malware attacks on North America and Europe.
  • 83% of phishing emails and 97% of malware emails in written in English.
  • The odds of someone age 55-64 experiencing an attack is, on average, 1.64 times that of an 18–24 year old.
  • Users with personal data exposed by third-party breaches face far higher average odds of attack.
  • Results suggest that data breaches expose users to lasting harms due to the lack of viable remediation options.

Defending against phishing when users click on the threat

Securd defends against phishing at the last mile of the threat. Powered by patent-pending security technology, Securd blocks access to the phishing sites in a way secure email gateways (SEGs) and virus protection software programs and other anti-phishing solutions simply can’t. Securd is transparent, simple to configure, and easy to deploy. When users engage in a phishing site, Securd blocks the threat with a customizable block page creates a teachable moment. IT and security departments love Securd’s detailed logging and analytics, which allow administrators to review threats and gain insight into who is targeting their employees. Getting started with is Securd is easy. You can set up protection in less than 5 minutes. Start your free trial today.