back to article No phish for the likes of you, thank you very much! Google finds email villains are picky about demographics, country

Kind old Google has published data on targeted email attacks and dispensed advice to help users separate friend from foe. The pandemic has presented malware-laden email flingers with a world of opportunity and a whole new set of attack vectors. Google noted that it had seen 18 million daily malware and phishing emails related …

  1. MrMerrymaker

    I don't find Google blocks too well

    Still using a Gmail account like an idiot, I do get spam through to the inbox on occasion.

    Like this Tesco email, the entire content is an image with zero text. And Gmail does not let you filter messages that are just an image (nor am I sure I would always want to). With no words in the body, it is difficult to filter at all, as the senders change every time.

    More research, more action welcome.

    1. Pascal Monett Silver badge

      Re: I don't find Google blocks too well

      So you're saying that you get emails with no subject and no content outside of an image. It seems that that would be a pretty clear indicator of spam in itself, why would you not want that filtered ?

      1. MrMerrymaker

        Re: I don't find Google blocks too well

        What?

        I'm saying I CAN'T filter it.

        There is no option.

        But I do have family who email me pics anyway.

      2. doublelayer Silver badge

        Re: I don't find Google blocks too well

        I would like to filter that, but on occasion, someone in the HR office has sent me an email like that. It's never been an important one, usually talking about some new thing they've set up. Still, I wonder what they were thinking when they decided the best way to create an email which might appear on desktops, laptops, or phones is to make an image of all the text and just send that. It can't scale well. I also wonder if there are any visually impaired people on the list. I checked, and they didn't put in any text layer for people who can't read visually.

        1. Anonymous Coward
          Anonymous Coward

          Re: I don't find Google blocks too well

          @doublelayer

          I prostrate myself before your all-knowing presence!!!

          How wonderful to know EVERYTHING!!!

    2. Potemkine! Silver badge

      Re: I don't find Google blocks too well

      I've got much less phishing on Gmail than on Outlook/Office365. Obvious phishing comes regularly in my inbox, whatever the reports I submit to MS.

      1. Doctor Syntax Silver badge

        Re: I don't find Google blocks too well

        But there's not a lot of point in sending emails from Microsoft telling you they're going to close your account to a gmail address.

  2. Uplink

    Who gets the least?

    If I "move" to Nigeria will all spam disappear?

    1. Andy Non Silver badge

      Re: Who gets the least?

      I've got a relative who's a prince in Nigeria, he'll happily provide accommodation for you. Just send me £1,000 deposit.

    2. simkin

      Re: Who gets the least?

      Russia, maybe. That's where a large proportion of phishing seems to originate.

  3. Doctor Syntax Silver badge

    Google...

    ...they should know. After all, most of the spam comes from gmail addresses.

    1. Anonymous Coward
      Anonymous Coward

      Re: most of the spam comes from gmail addresses.

      Or from a spoofed e-mail address with a "contact us at LegitimateBarristerNotAScammerISwear@gmail.com".

      1. dhawkshaw

        Re: most of the spam comes from gmail addresses.

        I agree, much of the time the gmail addresses themselves might be spoofed, but what I'm seeing a great deal in our samples is that Google are the unwitting hosts of the actual attack content / fake web pages through their firebase cloud storage.

        Lots of links like https://firebasestorage.googleapis.com/reallylongurl...

        1. simkin

          Re: most of the spam comes from gmail addresses.

          Definitely. I auto-junk anything with a google API URL in it.

        2. Anonymous Coward
          Anonymous Coward

          Re: most of the spam comes from gmail addresses.

          "Lots of links like https://firebasestorage.googleapis.com/reallylongurl..."

          Indeed.

          googleapis(.)com is on my PiHole blacklist

  4. iron Silver badge

    > The chances of being on the receiving end of a campaign was also 1.64x higher for 55 to 64-year-olds than those in the 18-24 bracket.

    Surely this is because 55 - 64 year olds have been online longer than 18 year olds so their address is more likely to feature on breach lists, etc rather than because of demographics. After all an email address gives you no indication of the age of the recipient. (Although I suppose a Hotmail address or similar probably indicates you're not 18.)

    1. Arthur the cat Silver badge

      Surely this is because 55 - 64 year olds have been online longer than 18 year olds

      I'd guess it's more that 55-64 year olds generally have more money to extract than 18-24 year olds(*).

      (*) Insert snide boomerish remark about avocado lattes if necessary.

    2. yetanotheraoc Silver badge

      Demographics plays some role

      Have 55-64s been online longer when measured in hours connected, lifetime links clicked, number of email accounts, or other usage metrics?

      I found this line from the report amusing: "In order to avoid singling out any individual user or their personal data, we used an anonymization technique called “k-anonymity” to ensure any risk trends that we identified applied to a broad group of similar users." Translation: Google knows every significant and insignificant detail about their @gmail users. Some of that information is in the hands of the spammers as well.

  5. Arthur the cat Silver badge
    WTF?

    Common-sense advice from the UK's National Cyber Security Centre

    Hmm, I went to the linked web page and "You need to enable JavaScript to run this app". Given that disabling Javascript reduces your attack surface I can't help but feel there's a bit of a mixed message coming from NCSC.

    1. Mike 137 Silver badge

      Re: Common-sense advice from the UK's National Cyber Security Centre

      I tried to contact them about this javascript monstrosity. I phoned, and was told to use the "incidents" email address to comment on it. The person at the NCSC then added "we probably won't be able to do anything about it". I emailed as requested, and never got even an acknowledgement.

      I infer that [a] they outsource their web development and exercise no governance over the results (just like everyone else) or [b] they don't really give a fetid dingo's kidneys (just like everyone else). Maybe both (just like everyone else).

      1. A.P. Veening Silver badge

        Re: Common-sense advice from the UK's National Cyber Security Centre

        You are forgetting [c] they are incompetent (just like the rest of government)

        However, I think it is a case of "All of the above".

        1. Anonymous Coward
          Anonymous Coward

          Re: Common-sense advice from the UK's National Cyber Security Centre

          Common sense rule of thumb, Jimmy, don't post / reply to emails while phished.

  6. Mike 137 Silver badge

    Too "safe" already?

    It's getting so goddam "safe" due to everyone and his dog deciding to protect us from spam (without asking whether we want to be protected) that both outgoing and incoming emails (all utterly legitimate) for several businesses randomly get bounced or silently black holed. This is sufficiently common to impede business activities already.

    All you need to be proof against spam is to have a little common sense, pay a little attention and possess a little knowledge. Nobody can truly protect those without these attributes, and the algorithms commonly used to identify spam clearly don't have them either.

    1. Andy Non Silver badge

      Re: Too "safe" already?

      Back in the day when I used to email out licences for my software, it was not uncommon for the emails to end up in the recipients spam folder or even black-holed. Then I'd receive emails from folks annoyed that they'd paid for licences they hadn't received. To make matters worse, my reply to them would also sometimes end up in their spam folder or automatically deleted.

    2. Diogenes8080

      Re: Too "safe" already?

      Incorrect. An unaddressed spam problem will gradually rise to the point where the mailbox is unusable. I have taken over the administration of domains where the worst-case mailbox inflows were easily 80% junk if the more borderline grey mail was included.

      Regarding the original article and phishing, I currently assist in the administration of a domain covering the UK, Eire and a number of other European nations. The anglophone nations appear to get more of their fair share of phishes, and can see threat patterns weeks, months or even a year before they appear in other linguospheres (if that's a word). Even other nations with a high proportion of english-speakers are left behind, and some of the phishes they do get... are in English.

  7. Anonymous Coward
    Anonymous Coward

    "you can find steps to help you identify the most common phishing attacks here."

    No I can't.

    The website in that link says: "You need to enable JavaScript to run this app."

    1. Ken Moorhouse Silver badge

      Re: "you can find steps to help you identify the most common phishing attacks here."

      No I can't.

      The website in that link says: "You need to enable JavaScript to run this app."

      ===

      Ah, but if you enable JavaScript you will see a screen that says:-

      "Getting people to enable JavaScript leads to some of the most common phishing attacks."

  8. Robert Carnegie Silver badge

    Um?

    Links in your e-mail from probably not "Tesco" may be going through Google when you're using Google Mail? Mine don't seem to, but it may be an option... perhaps reserved for sinister links.

    Or is that what you meant?

    If there's a test version "malicious" URL similar to the program code described here

    https://en.wikipedia.org/wiki/EICAR_test_file

    Then you could test the behaviour without using a "real" malicious link.

    Or... Just remember not to click the link.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022