Google Shares Data on Corporate Email Attacks

Generally, corporate email accounts are much more likely to receive phishing, malware and spam emails than a general personal inbox, according to an analysis by Google.

Gmail service by Google has more than one billion active users and the company says they block hundreds of billions of attacks aimed at corporate accounts every week. At the RSA Conference last week, Google shared some insight on the threats which target corporate inboxes and how these numbers compare to other types of accounts.

The data which is collected so far this year shows that a normal corporate email account is 6.2 times more likely to receive a phishing email, 4.3 times more likely to receive malware, and nearly 0.4 times more likely to receive a spam compared to personal inboxes.

While corporate accounts seem to be favourite targets for attackers, when it comes to spam and non-profit, phishing, education and government organisations are even more likely to see malware attacks compared to businesses.

The IT, entertainment and housing sectors are most targeted in spam campaigns, but when it comes to phishing attacks, they are more likely to be aimed at the finance and insurance sector. coming to malware attacks, real estate was by far the most targeted sector.

The sheer volume of phishing attempts depends on the location; for instance, in Japan, the financial sector receives a lot more phishing emails than in the United Kingdom and the United States. Google has also noticed that the IT industry in Brazil is roughly twice as many phishing attempts than in the U.S. and the U.K.

Japan and India are the countries with the most spammed inboxes, and the U.S., Germany and France are the largest spammers. In the first part of 2017, the highest percentage of phishing emails were sent to accounts in Japan, followed at a distance by Brazil, Canada and the United States.

Google’s experts pointed out that targets are selected based on several criteria, including size, type of organisation, the sector of activity, and location (country). That is why they believe defences must be tailored based on each organisation’s risk profile.

source: securityweek

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil