A corporate email account is much more likely to receive malware, phishing and spam emails than a personal inbox, according to an analysis conducted by Google.
Google’s Gmail service has more than one billion active users and the company says it blocks hundreds of billions of attacks aimed at these accounts every week. At the RSA Conference this week, the search giant shared some insight on the threats targeting corporate inboxes and how the numbers compare to other types of accounts.
Data collected so far this year shows that a corporate email account is 4.3 times more likely to receive malware, 6.2 times more likely to receive a phishing email, and 0.4 times more likely to receive spam compared to personal inboxes.
While corporate accounts seem to be attackers’ favorite targets when it comes to spam and phishing, non-profit, education and government organizations are more likely to see malware attacks compared to businesses.
The entertainment, IT, and housing sectors are the most targeted in spam campaigns, but phishing attacks are more likely to be aimed at the finance and insurance sector. When it comes to malware attacks, real estate was by far the most targeted sector.
Sectors most targeted by malware in first part of 2017
The volume of phishing attempts depends on location – for instance, the financial sector in Japan receives a lot more phishing emails than in the United States and the United Kingdom. Google also noticed that the IT industry in Brazil sees roughly twice as many phishing attempts than in the U.S. and the U.K.
Japan and India are the countries with the most spammed inboxes, and the U.S., Germany and France are the largest spammers. In the first part of 2017, the highest percentage of phishing emails were sent to accounts in Japan, followed at a distance by Brazil, Canada and the United States.
Google’s experts pointed out that targets are selected based on several criteria, including size, type of organization, sector of activity, and location (country). That is why they believe defenses must be tailored based on each organization’s risk profile.
Source: SANS ISC SecNewsFeed @ February 17, 2017 at 10:54AM