The Surge in Native Language Phishing Emails

By Rui Serra • April 15, 2021

The first "Spear" in SpearPhishing is adapting the attack to the victim's language, and this is a growing trend for phishing emails.

According to Google’s research on who is being targeted by email phishing attacks, there were 18 million COVID-19-related malware and phishing emails and 240 million coronavirus-related spam messages each day at the height of the pandemic. Email phishing attacks are predominantly in English and target English-speaking countries like the USA, Canada, UK, and Australia. But in parallel, and in recent years, security systems have detected a rise in global phishing attacks designed for the targeted countries. For example, Portugal, Brazil, Angola, and others will get the attack campaign in Portuguese, while Spain, Mexico and Uruguay will get the campaign in Spanish.

Studying the Relation Between Non-English Speaking Targets and Phishing Attacks 

For the study above, Google teamed up with Stanford University to study which demographic is at the highest risk of being targeted by phishing and malware attacks. The Google-Stanford study covers a 5-month period and over one billion phishing and malware emails. The US proved to be the biggest target, with 42% of attacks reported. The obvious reason why email attacks are (still) mostly in English is not that the target is the USA, but that English is the "de-facto" language for technology and the internet. Even in other countries, it is not uncommon to send and receive emails in English.

But attackers are getting smarter with their phishing tactics – from improving grammar to impersonating tone to using a language the target understands. In fact, it is very rare to find the traditional one-size-fits-all phishing attack. The malware and phishing kits (the software) the attackers use are usually capable of inferring the victim's language and using specific content for each case.

This is why the research also revealed a rise in "foreign" (not English!) language phishing attacks: 78% of the emails targeting Japanese users were written in Japanese, and 66% of the attacks that targeted users in Brazil were written in Portuguese. Phishing emails in Dutch happened in the Netherlands, while French-language emails occurred in France. Spanish phishing email attacks also happened in Spain. Other targeted countries that don’t predominantly speak English included India and Indonesia.

Improving Security Systems to Combat Geo-affected Phishing Attacks

The Google-Stanford research tells us that there is a rise in non-English phishing emails written in whatever the predominant language is for that specific country. The problem is that existing AI algorithms and natural language processing technologies are designed to detect phishing threats written in English. But with an increase in non-English attacks, including Japanese, German, Portuguese, Spanish, and Italian, phishing defense systems need more training in recognizing trigger words in languages beyond English. Beyond that, the attacks for each country are truly distinctive, not only in language but also in their use of local cultural expressions.

There is a long list of spam and phishing trigger words spanning various industries, including commerce, finance, recruitment, and medical. These phishing emails create a sense of urgency through carefully crafted subject lines and calls-to-action using these trigger words. AI algorithms have been built to detect these trigger words and automatically place emails containing them in the spam folder. However, native language phishing emails may bypass defense systems because those systems were developed to detect spam and phishing trigger words in English.

What is needed from the Security Systems?

The solution lies in training AI and Machine Learning algorithms to recognize trigger words in the language primarily used in that country. Another important aspect is to have a very good footprint of local phishing attacks. Systems that handle attacks differently "by geography" are one step closer to protecting all the users who happen to be outside the USA and other English-speaking countries.
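The gap described above, and the per-language fix, can be shown with a small trigger-word scorer. This is an added example, not code from the article or from the Google-Stanford study; the word lists, the stopword-based language guess and the sample messages are all constructed assumptions.

```python
import re
import unicodedata

# Constructed lexicons (assumption); real lists are far larger and locally curated.
TRIGGERS = {
    "en": {"urgent", "verify", "suspended", "password", "invoice"},
    "pt": {"urgente", "verifique", "suspensa", "senha", "fatura"},
    "es": {"urgente", "verifique", "suspendida", "contrasena", "factura"},
}
# Tiny stopword sets used only as a crude language guess (assumption).
STOPWORDS = {
    "en": {"the", "your", "is", "to", "and", "has", "been"},
    "pt": {"a", "sua", "foi", "para", "de", "o", "em"},
    "es": {"la", "su", "ha", "sido", "para", "el", "en"},
}

# Constructed sample messages carrying the same lure in three languages.
EN_SAMPLE = "Urgent: your account has been suspended. Verify your password to restore access."
PT_SAMPLE = "Urgente: a sua conta foi suspensa. Verifique a sua senha para evitar o bloqueio."
ES_SAMPLE = "Urgente: su cuenta ha sido suspendida. Verifique su contraseña para evitar el bloqueo."

def tokens(text):
    """Casefold and strip accents so 'Contraseña' matches 'contrasena'.
    Latin script only; Japanese and similar need a real tokenizer."""
    folded = unicodedata.normalize("NFKD", text.casefold())
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return re.findall(r"[a-z]+", folded)

def guess_language(words):
    """Pick the language whose stopwords occur most often (ties fall to 'en')."""
    return max(STOPWORDS, key=lambda lang: sum(w in STOPWORDS[lang] for w in words))

def score(text, lexicon_lang=None):
    """Return (lexicon used, number of distinct trigger words found).
    lexicon_lang=None selects the lexicon from the guessed language."""
    words = tokens(text)
    lang = lexicon_lang or guess_language(words)
    return lang, len(set(words) & TRIGGERS[lang])

if __name__ == "__main__":
    for name, msg in [("EN", EN_SAMPLE), ("PT", PT_SAMPLE), ("ES", ES_SAMPLE)]:
        print(name, "english-only:", score(msg, "en"), "language-aware:", score(msg))
```

The English-only lexicon scores the Portuguese and Spanish messages at zero, while selecting the lexicon by language finds the same four triggers it finds in the English message.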

Let’s talk more about a robust email security solution with a high operationalization level. Contact us today.