Scam emails most commonly originate from Eastern European countries, according to a study by Barracuda Networks.
Analyzing geolocation and network infrastructure across more than two billion emails from its Threat Spotlight data, the researchers calculated phishing emails as a percentage of the total messages sent from regions around the globe.
The five countries with the highest proportion of phishing attacks among emails sent were all in Eastern Europe. In descending order, they were: Lithuania, Latvia, Serbia, Ukraine and Russia.
The next countries in the list were from the Americas and Asia: Bahamas, Puerto Rico, Colombia, Iran, Palestine and Kazakhstan.
While certain countries had high volumes of phishing emails recorded, the large overall number of emails originating from them meant the proportion of phishing messages was actually very low. For instance, 129,369 phishing emails in the dataset were sent from the US, representing 0.02% of the total number of emails. Most countries had a phishing probability of 10% or less, according to the report.
Barracuda also noted that phishing emails are more likely to be routed through multiple countries than benign emails. While 60% of phishing emails passed through two or fewer countries, the figure was 80% for non-phishing emails.
Another interesting finding was that Amazon, Microsoft and Twitter had the highest volume of phishing emails being sent using their infrastructure.
Chris Ross, SVP international at Barracuda Networks, commented: “It would be absurd to ‘blacklist’ all emails from the named countries with a high probability of phishing; however, this research could provide IT managers and CISOs with the information needed to screen or flag some emails with certain features – such as whether an email has passed through more than one country and originates from one of the countries perceived to be a high threat.
“Deploying email security that utilizes artificial intelligence will help streamline this process to pick up and flag communication anomalies and detect certain threats designed to bypass basic email protection. Additionally, improving security awareness through training will help to detect security weak points in an organization and improve data management protocols for the long term.”