Skip to main content

Even minor phishing operations can distribute millions of malicious emails per week

(Image credit: Image Credit: wk1003mike / Shutterstock)

Even small-scale phishing campaigns are capable of distributing millions and millions of malicious emails to victims around the world, according to a new report from Google Cloud and Stanford University.

Describing the most popular styles of phishing attack, Google's Kurt Thomas and Neil Kumaran explained that criminals today rely on fast-churning campaigns. They create a single phishing email template (usually in English) and send it out to anywhere between 100 and 1,000 targets.

The campaigns are “brief and bursty”, says Google, lasting roughly three days on average.

However, this type of phishing operation can account for more than 100 million phishing and malware emails sent out to Gmail users in a single week, in aggregate.

According to the researchers, there are a few key factors that determine the likelihood of someone being targeted by phishing. The most influential factor is the email address being exposed in a previous data breach, which increases the chances of being targeted by phishing five-fold.

In terms of location, the US is the most popular target by volume, but per capita people living in Australia are twice as likely to be targeted. Older generations are also more likely to be targeted than millennials or Gen Z.

Google’s spam and phishing filters blocked more than 240 million Covid-related daily spam messages last year, together with 18 million malware and phishing emails per day on average.