The United States attracts 65% of the world’s cyber attacks, according to BlackBerry’s latest Threat Intelligence Report. Japan trails in 2nd place with a mere 8%! Considering that 90% of these attacks begin with a phishing attack to gain entrance into a system, one asks: what makes the US such a prime target for phishing?
Phishing is a global issue affecting users and organizations worldwide. In Europe, countries such as the United Kingdom, Germany, and France have also experienced high levels of phishing activity due to their economic importance and online presence. Countries with emerging economies and growing internet penetration rates may also see increased phishing attacks as cybercriminals target newly connected users.
And yet, the United States offers the cyberthug a victim with far-reaching economic influence, technological advancement, and—considering the abundance of social and mass media channels on offer—an inordinately high rate of online activity. It is important to note that the US may not always hold the top position, as the distribution of phishing attacks can vary over time; however, its prominence as a target is comfortably consistent.
The Popularity Permeability
The United States is often considered a prime target for phishing attacks due to several factors:
The United States plays a significant role in global politics, and attackers with political motivations may target US individuals, organizations, or government institutions to gain access to sensitive information or disrupt operations. These attacks aim to gather sensitive information, manipulate public opinion, or disrupt political processes. Examples of such attacks are often reported by cybersecurity firms, but specific URLs may vary over time.
The clearest example of this is probably Russia’s continuing efforts to influence American elections. It allegedly orchestrated disinformation campaigns during the 2016 US presidential elections, using social media platforms and employing trolls and bots to spread false information, manipulate public opinion, and create divisions among the electorate. ‘Operation Lakhta’, personally ordered by President Putin, reportedly left behind evidence of contacts between Donald Trump’s campaign and Russian officials, prompting a warning from then-President Barack Obama.
During their 2014 Ukraine rehearsal, Russian agents engaged in email hacking, DDoS attacks, and vote-tally interference. The special investigator’s Mueller Report revealed that a Kremlin-linked troll farm was engaged to attack social media, while Russian Intelligence (GRU) hacked Democrat email accounts and infiltrated voter registration systems through spear-phishing campaigns.
Although opinions vary on the influence the campaign had on the actual results, there is no doubt that it succeeded in undermining popular confidence in the system, especially amongst Trump’s home base, and in those communications channels upon which a free society depends, primarily fake-news-infested social media.
At 23.6% in Q1 2022, the financial sector is the most targeted industry for phishing. Consequently, the United States’ status as the world’s largest economy and its concentration of multinational corporations make it an attractive target for phishing attacks… and an easy one.
As banking and other financial activities move online, more and more of our activities are prone to attack. Online banking, online financial trading, paying bills and suppliers, and family budget planning—all use simple apps to administer and manage our money; and at the corporate level, these numbers multiply exponentially! Moreover, despite China’s best efforts, the US dollar remains the world’s dominant exchange currency, and an attack on that currency’s issuer is an attack on every single entity trading anything of value around the world.
Cyberthugs are in the business of making money, and the higher the target’s value, the higher the odds of a larger profit. Because the United States is home to financial institutions and high-net-worth individuals, phishing attempts often target employees of major companies and financial institutions to gain access to valuable corporate data or financial information. Besides short-term profit, attackers also aim to exploit the information behind valuable financial targets, most of whom are found in the US.
The US has a highly developed technological infrastructure and widespread internet access, with a significant number of internet users and online services. The high number of internet users and the prevalence of online services create more opportunities for phishing attacks to occur. As mentioned above, we have come to rely to an alarming extent on our easy-to-hijack personal devices—especially since the Covid pandemic—and think nothing of enriching our social channels with the most personal details of our lives, providing a rich compendium of information for hackers to steal and/or manipulate.
It’s hardly surprising that one of the biggest hacks in history occurred in August 2013: the hacking of 3 billion Yahoo accounts. Six years later it was Facebook’s turn, and in 2020, LinkedIn’s. Amazon has been breached 14 times in as many years!
Without doubt, our extensive online presence increases the attack surface for cybercriminals to exploit. And all it takes is one careless customer or employee for such a breach to take place.
Language and Cultural Dominance
English is the predominant language used around the world, so if a scammer wants to reach the widest audience, it pays for phishing material to be written in English. Logically, it follows that the country with the greatest number of English speakers will become a prime target for phishing attacks in the English-speaking world. Additionally, American cultural references and institutions are often recognized globally, making them more susceptible to exploitation in phishing attempts.
Phishing attacks frequently exploit this linguistic dominance by sending phishing emails or creating fake websites that imitate well-known US-based brands or organizations, or that are simply written in English (to gain the largest audience).
Add to this the matter of cultural imperialism, which also perhaps adds to the anti-establishment hacker’s desire to strike at the core of the evil.
Lack of Cybersecurity Awareness
This is admittedly a global problem and not limited to the US. Despite efforts to educate the public about cybersecurity, many individuals and organizations remain unaware of the risks and ignore cybersecurity best practices. This knowledge gap makes them more susceptible to phishing attempts. Numerous cybersecurity organizations and government agencies provide resources and educational materials to address this issue, such as the Federal Trade Commission (ftc.gov) in the United States. But even more of them simply lack the resources to implement security measures.
One example of this is the healthcare sector—a critically important infrastructure in which ransomware instigators are met with a save-life-first approach of pay now, worry later. Here again, the attack surface extends over employees, suppliers, and patients alike, but also over a host of IoT technology, and it is protected by a usually understaffed, overworked cybersec team, underfunded due to the hefty price tag of competing life-saving medical equipment.
It is important to note that while the United States may be a primary target for phishing attacks, phishing is a global issue affecting users and organizations in various countries. It’s crucial for individuals and businesses worldwide to remain vigilant and adopt robust cybersecurity measures to protect themselves against these threats.
Remember that phishing attacks constantly evolve, and specific examples can quickly become outdated. Staying informed about the latest cybersecurity threats and following best practices is crucial to protect against phishing attempts. The best way to stay safe, of course, is by installing the novoShield Safari extension that will prevent phishing pages from opening—even if you do inadvertently click on a phishing link.