Who is targeted by email-based phishing and malware? Measuring factors that differentiate riskWho is targeted by email-based phishing and malware? Measuring factors that differentiate risk
  1. publications
  2. cybersecurity

Who is targeted by email-based phishing and malware? Measuring factors that differentiate risk

Available Media

Publication (Pdf)

ConferenceInternet Measurement Conference
AuthorsCamelia Simoiu , Ali Zand , Kurt Thomas ,
Citation

Bibtex Citation

@inproceedings{NANWHO,title = {Who is targeted by email-based phishing and malware? Measuring factors that differentiate risk},author = {"Camelia Simoiu" and "Ali Zand" and "Kurt Thomas" and "Elie Bursztein"},booktitle = {Internet Measurement Conference},year = {2020},organization = {ACM}}

As technologies to defend against phishing and malware often impose an additional financial and usability cost on users (such as security keys), a question remains as to who should adopt these heightened protections. We measure over 1.2 billion email-based phishing and malware attacks against Gmail users to understand what factors place a person at heightened risk of attack. We find that attack campaigns are typically short-lived and at first glance indiscriminately target users on a global scale. However, by modeling the distribution of targeted users, we find that a person�s demographics, location, email usage patterns, and security posture all significantly influence the likelihood of attack. Our findings represent a first step towards empirically identifying the most at-risk users.

Recent

newsletter signup slide

Get cutting edge research directly in your inbox.

newsletter signup slide

Get cutting edge research directly in your inbox.