Hybrid, Older Users Most-Targeted by Gmail Attackers

Researchers at Google and Stanford analyzed a 1.2 billion malicious emails to find out what makes users likely to get attacked. 2FA wasn’t a big factor.

Users whose personal details have been exposed by a third-party breach, Australians, older folks and those who use both desktops and mobile devices are at the highest risk of becoming the victim of a malicious email attack, according to Google and researchers from Stanford, who teamed up to determine who has the highest risk of being targeted.

The researchers looked at the 1.2 billion phishing and malware emails automatically blocked by Gmail over five months. For privacy, the team used something they called “k-anonymity” to look at broad trends across the data, rather than individual users.

“We modeled the likelihood of receiving any phishing or malware emails in a given week as a function of geographic location, demographics, security posture, device access and prior security incidents (such as having personal data revealed by a third-party data breach),” the report explained.

This research comes at a time when users are getting crushed by record numbers of malware-stuffed emails. COVID-19 and the pandemic’s push to a remote workforce have supercharged email attckers’ efforts over the past year.

In fact, according to Proofpoint’s 2020 State of the Phish report, the pandemic has driven a 14 percent increase in phishing attacks in the U.S. alone over 2019.

Attackers Are Trolling for Stolen Data

Users who had personal data exposed in a third-party breach were five-times more likely to be targeted by phishing or malware, according to the report, which highlights just how damaging these types of data breaches can be, even in the long run.

“This suggests that attackers actively harvest data breach information, both for enumerating email addresses, but also potentially for demographic information in order to identify a user’s age or country of access,” the report found. “As such, our results suggest that data breaches expose users to lasting harms due to the lack of viable remediation options.”

Where Do Most Gmail Attacks Take Place?

Users’ location is also a big factor in how likely they are to be targeted by malicious emails. The United States is the most popular country for attackers in terms of sheer numbers, perhaps unsurprisingly. However, the report reveals that Gmail users in Australia actually face twice the odds of being targeted versus Americans.

“We find that the country where a user accesses Gmail represents a considerable risk factor,” the report explained. “The highest-risk countries are concentrated in Europe and Africa…. Overall, 16 countries exhibited a higher risk on average than the United States, even though the United States is the largest target by volume of emails.”

Are Older People More Vulnerable? Yes.

Age is also a factor when it comes to being targeted, according to the report’s findings. The report said, “the odds of someone 55 to 64 experiencing an attack is, on average, 1.64 times that of an 18 to 24-year-olds.”

There are two possible explanations for this, the report explained. First is that attackers simply see older users as easier to dupe and coerce. The second is that older people tend to have “larger online footprints,” the report said, “thus making the discovery of their accounts easier.”

Mobile-Only and Desktop-Only Are Safest

Meanwhile, mobile-only and desktop-only users were less likely to be victimized than those who use both to access their Gmail accounts, the report found.

“This may be due to the socioeconomic (SES) factors affecting device ownership (i.e., lower SES groups are more likely to own only mobile or only desktop devices), and attackers targeting wealthier groups,” according to the analysis. “Device ownership may also be correlated with technical savviness and online footprint; users that only sign in from one type of device may sign up for less online services and accounts, further reducing their likelihood of being targeted.”

Another factor which correlates with a higher risk of email attacks include the amount of activity a person has on Gmail, with “frequent” users being more than five times as likely to be targeted.

Can 2FA Protect Against Email Threats?

Surprisingly, the researchers said they found only a “nominal difference” in the mitigation of risk with two-factor authentication (2FA).

“This suggests that many users who are at risk of attack have yet to enable additional protections,” the report said. “At the same time, we find that users who have proactively established a recovery mechanism face a higher odds of attack (µ = 2.34). These users would likely be better protected by strict two-factor authentication.”

Regardless of how likely a user is to be attacked by a scam, it’s still basic security awareness and human behavior that offers the best protection, Gretel Egan, senior security awareness and training strategist for Proofpoint explained.

“Most attacks require human interaction to be successful — and they are overwhelmingly aimed at specific people,” she said.

Google suggests that users boost their security by completing a security checkup and enabling safe-browsing protections in Google Chrome. Google also offers an Advanced Protection program for users who have a high risk of being targeted.

Threatpost WEBINAR: Is your small- to medium-sized business an easy mark for attackers? Save your spot for 15 Cybersecurity Gaffes SMBs Make,” a  FREE Threatpost webinar on Feb. 24 at 2 p.m. ET. Cybercriminals count on you making these mistakes, but our experts will help you lock down your small- to mid-sized business like it was a Fortune 100. Register NOW for this LIVE webinar on Wed., Feb. 24.

 

 

 

Suggested articles

Discussion

  • Alexsandyr Troutnoodler on

    One possible reason dual-users are more vulnerable, is due to people checking the box, "stay signed in". Every time I use Gmail, I log in, do my tasks, then log out. I will admit to checking the box, "Do not require authentication" on my desktop and phone, and I probably shouldn't. Doing so defeats the purpose of 2FA.

Leave A Comment

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.