Success rate of spear phishing attacks against Gmail users
Study: Threat Group-4127 Targets Google Accounts
Date: June 26 2016
"In mid-2015, CTU researchers discovered TG-4127 using the accoounts-google . Com domain in spearphishing attacks targeting Google Account users. The threat group used the Bitly URL-shortening service to hide the location of a spoofed Google login page. Recipients who clicked the link were presented with a fake Google Account login page. The threat actors could use entered credentials to access the contents of the associated Gmail account."
"SecureWorks Counter Threat Unit (CTU) researchers analyzed 4,396 phishing URLs sent to 1,881 Google Accounts between March and September, 2015. More than half (59%) of the URLs were accessed, suggesting that the recipients at least opened the phishing page."
"Most of the targeted accounts received multiple phishing attempts, which may indicate that previous attempts had been unsuccessful. However, 35% of accounts that accessed the malicious link were not subject to additional attempts, possibly indicating that the compromise was successful."
"Of the accounts targeted once, CTU researchers determined that 60% of the recipients clicked the malicious Bitly. Of the accounts that were targeted more than once, 57% of the recipients clicked the malicious link in the repeated attempts."