A quarter (24.77%) of all spam emails sent in 2021 originated from Russia, with more than half (56%) of all emails being spam messages.
That’s according to Kaspersky’s latest Annual Spam and Phishing Report, which analysed close to 150 million malicious email attachments blocked by the cyber security provider’s antivirus over the course of last year.
Kaspersky identified 10 countries that were responsible for sending out more than three quarters of the world’s spam emails, with Russia and Germany (14.12%) being the most prolific senders.
The US and China came in third and fourth place, at 10.46% and 8.73% respectively. The Netherlands (4.75%) came in fifth place, followed by France (3.57%), Spain (3%) and Brazil (2.41%), Japan (2.36%), and Poland (1.66%).
When compared to 2020, Russia and China had the most significant rise in sent spam – a 3.5% and 2.5% increase, respectively.
Brazil-based users were most often targeted by phishing attacks, with 12.4% of 2021’s victims being based in the South American country, followed by French, Portuguese, and Mongolian users.
When it came to content, 2021’s spam emails mostly centred around popular topics including money and investment, Bond and Spider-Man movie premieres, and the pandemic, which Tatyana Shcherbakova, security expert at Kaspersky, described as “bread and butter for scammers”.
The most notable COVID-related scams included fictitious financial support schemes and fake COVID vaccination passes and QR codes, Kaspersky found.
“These scams prove to be very efficient as people continue to trust too much of what they see in their inboxes and browsers. We believe it is important to be aware that there are a lot of offers out there that seem “too good to be true”,” she said, calling on people “to be cautious when it comes to trusting what’s in their email”.
“This approach may help them save their private data and money,” Shcherbakova added.
Kaspersky’s findings come weeks after Microsoft issued a warning about hackers targeting Microsoft 365 users with a fake app capable of stealing OAuth authentication tokens, providing them full access to the victim’s email, calendar, and contacts.