These Are the User Demographics Phishing Actors Love to Target

• Phishing campaigns aren’t going after random targets or anyone with an email address.
• Instead, actors like to target specific demographics like older people, Americans, and Australians.
• Those using only mobile devices are generally safe, too, as they don’t appear wealthy to the crooks.

Not every internet user is equally lucrative for phishing actors. Considering the volume of emails and follow-up responses these crooks have to manage, they often prefer to just narrow down their targets and up their success rates. A report by Google based on Gmail data gives us amazing insight into which demographics are safe, which users are bombarded by phishing more often, and what everyone can do to remain protected against the associated dangers.

First of all, Google says their ML models continue to evolve, and they are now able to block over 99.9% of all spam, phishing, and malware messages sent to Gmail users. That’s great, but it’s the same rate that Google gave us a year ago, so we would guess that there’s always an elusive 0.1% that is following novel methods to evade detection.

On to the actual stats, here are the most interesting numbers presented in the report:

• Those based in the United States are the most targeted (42% of all attacks), with UK and Japan following with 10% and 5%, respectively.
• Australians were the most targeted internet users based on the odds (not per capita).
• In Japan and Brazil, phishing actors care to localize the language of their messages by 78% and 66%, respectively. In the rest of the world, not so much.
• Phishing campaigns are meant to remain active only for an average of three days, so actors are sending the exact same template to thousands of targets at once.
• Those who have had their email addresses exposed through third-party breaches see their targeting chances increase five-fold.
• Users aged between 55 and 64 are 1.64X more likely to be targeted than those between 18 and 24, which is the “safest” age range.
• Mobile-only users are generally enjoying more peace of mind, as they receive 80% of the phishing volume of those who are using multiple devices and platforms.

All that said, if you want to stay safe from phishing threats, there’s a number of things you can do which will have a concrete impact on your security on Gmail. First, complete the “Security Checkup” to figure out if you lack something like 2FA. Secondly, enroll in Google’s “Advanced Protection” program if you’re eligible. Finally, enable the “Enhanced Safe Browsing Protection” on the Chrome browser, which should be enough to catch and stop threats before they cause any damage.