Security researchers have found that phishing emails are more likely to originate from certain countries in parts of Eastern Europe, Central America, the Middle East, and Africa.
The country where emails originate and the number of countries they are routed through on the way to their final destination offer important warning signs of phishing attacks.
For the study, researchers at cloud-enabled security solutions provider Barracuda Networks teamed up with Columbia University researchers.
They examined the geolocation and network infrastructure across more than two billion emails, including 218,000 phishing emails sent in the month of January 2020.
In phishing attacks, attackers use social engineering tactics to lure victims into providing personal information such as usernames, passwords, credit card numbers, or banking information. Thus, to detect such attacks, the entire focus should be on the content of phishing emails and the behaviour of attackers.
As phishing attacks become more complex, increasingly sophisticated methods are required to defend against them.
After analysing the geography of phishing emails and how they are being routed, Barracuda researchers identified that over 80 per cent of benign emails are routed through two or fewer countries, while just over 60 per cent of phishing emails are routed through two or fewer countries.
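The routing signal described above can be derived from a message's Received headers. The following Python example is added here for illustration and is not code from Barracuda or the study; the IP-to-country table, the placeholder country codes XA/XB/XC, the function names and both sample messages are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed lookup over documentation address ranges (RFC 5737). XA/XB/XC are
# placeholder country codes; a real deployment would query a GeoIP database here.
GEO_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "XA",
    ipaddress.ip_network("198.51.100.0/24"): "XB",
    ipaddress.ip_network("203.0.113.0/24"): "XC",
}
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def country_of(ip_text):
    """Map one relay IP to a country code, or None if it is invalid or unknown."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    return next((cc for net, cc in GEO_TABLE.items() if ip in net), None)

def route_countries(raw_email):
    """Countries along the delivery path, origin first, consecutive repeats collapsed."""
    msg = message_from_string(raw_email)
    hops = []
    # Each relay prepends its Received header, so read them bottom-up. Headers
    # below your own first trusted relay are sender-controlled and can be forged.
    for header in reversed(msg.get_all("Received", [])):
        for ip_text in IP_IN_BRACKETS.findall(header):
            country = country_of(ip_text)
            if country and (not hops or hops[-1] != country):
                hops.append(country)
    return hops

def routing_features(raw_email):
    # Per the figures above, most phishing mail still crosses two or fewer
    # countries, so this flag is one feature to combine with others, not a verdict.
    hops = route_countries(raw_email)
    distinct = len(set(hops))
    return {"origin": hops[0] if hops else None, "countries": distinct, "more_than_two": distinct > 2}

# Constructed sample messages (not taken from the study's dataset).
SAMPLE_MULTI = (
    "Received: from relay3.example ([203.0.113.7]) by mx.example.org; Mon, 6 Jan 2020 10:00:03 +0000\n"
    "Received: from relay2.example ([198.51.100.20]) by relay3.example; Mon, 6 Jan 2020 10:00:02 +0000\n"
    "Received: from sender.example ([192.0.2.44]) by relay2.example; Mon, 6 Jan 2020 10:00:01 +0000\n"
    "From: a@sender.example\nSubject: constructed sample\n\nbody\n")
SAMPLE_DIRECT = (
    "Received: from out.example ([192.0.2.10]) by mx.example.org; Mon, 6 Jan 2020 11:00:02 +0000\n"
    "Received: from desktop ([10.0.0.5]) by out.example; Mon, 6 Jan 2020 11:00:01 +0000\n"
    "From: b@out.example\nSubject: constructed sample\n\nbody\n")
```
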
According to the study, senders that produced a higher volume of phishing emails (more than 1,000 emails in the dataset) with a higher probability of phishing originated from countries or territories including, in descending order, Lithuania, Latvia, Serbia, Ukraine, Russia, Bahamas, Puerto Rico, Colombia, Iran, Palestine and Kazakhstan.
“With phishing attacks expected to play a dominant role in the digital threat landscape and cybercriminals adjusting their tactics to bypass email gateways and spam filters, it’s crucial to have a solution that detects and protects against spear-phishing attacks, including brand impersonation, business email compromise, and email account takeover,” Murali Urs, Country Manager of Barracuda India, said in a statement.
“Deploy a solution that doesn’t rely on malicious links or attachments but uses machine learning to analyse normal communication patterns within an organization to spot anomalies that may indicate an attack.”
Meanwhile, employees should be provided up-to-date awareness training for recognising attacks and knowing how to report them to IT right away, Barracuda Networks said.