42% of Gmail scams targeted American users, Google finds

Other risk factors include age, where one lives and whether they use Gmail more frequently.
Gmail on the laptop screen illustration, Getty Images

Who you are, where you are and how you experience online life are all major factors in whether you’re targeted for phishing and malware campaigns on Gmail, a joint Stanford University-Google study concluded.

The examination of 1.2 billion email-based phishing and malware attacks against Gmail users found that the risk of getting hit correlated at least in some significant measure to age, country, frequency of Gmail usage and past breach exposure.

Users in the U.S. were most frequently targeted, attracting 42% of the attacks that researchers tracked. U.K. users were the subject of 10% of attacks, while people in Japan came in third, with 5%.

Higher age groups also encountered higher odds of being targeted. For instance, the 55 to 64 age group was 1.64 times more likely to experience an attack compared to 18- to 24-year-olds.


Google publicized the study Tuesday, saying it teamed with Stanford researchers on in order to learn about how to better protect its most high-risk users.

“Our results represent a first step towards empirically identifying at-risk user populations and the promise of tailoring protections to those users that need it most,” the study reads. “We hope that future work will build on these insights to add a richer understanding of which factors influence risk, as well as to establish a minimum threshold for who needs high-friction protections.”

Beyond the details about whom hackers targeted, Google also said it learned more about attackers’ tendencies and those of botnets — infected armies of computers used in a variety of attacks. Their campaigns tend to be short, just one to three days. But they’re “fast-churning” and tend to be small in scale, with each email template going out to 100-1,000 targets on average and getting a lot of work done in a given week: 100 million phishing and malware emails in aggregate.

The highest-risk countries by average weekly likelihood of attack were clustered in Europe and Africa, even if most of the total volume of attacks still took aim at the U.S. The high volume of attacks on the U.S. and other English-speaking nations likely explained why attackers tended to use the same English email template across nations, although sometimes they regionalized them, such as in the case of Japan, where 78% of attacks occurred in the Japanese language.

The biggest factors appeared to be whether someone had been a victim in other breaches or whether they were frequent Gmail users, making the average odds of suffering an attack more than five times higher.


Other factors played smaller roles, such as users relying only on a mobile phone or personal computer facing lower risk of attack than multi-device users.

Latest Podcasts