Are non-English speakers better protected from (international) phishing?
There is a really, really good paper on this here.
Tl;dr:
- 95% of spam is in English
- In f.ex. Germany only 17% of the spam is in German
- In Scandinavia it's less than 1% in the local language
Conclusion I: Yes, generic phishing is mostly directed to English speaking people. I can only confirm that many German people will not even consider opening a mail with a non-German subject.
Conclusion II: The main factor for the phishers will be to gain proficiency at the target language. Target languages are English and other "first world" languages, but they are differently hard to learn. Since it's much easier to auto-translate and learn basic English than for example Icelandic, phishing will be much less effective on non-English speakers.
But: Spear phising is much more dangerous and will always be done in a local language, so statistics can't take that into account.
In my opinion (this is a subjective question) they are even less protected.
If you read a phishing mail in your own language (or any other language that you understand) from someone that claims to be "your bank manager" (for example) you may understand better what's going on, and you won't click the link.
But if the mail is in English, and you don't understand the language properly, then you may, unconsciously, click the phishing link to the fake bank website. That's due to the well-known fact that English is the international and business language (even if you can't speak English, you know that fact).
That's more or less how Social Engineering works.
I'd say that is true, but only to the extent that it filters out people who don't know the language the email was written in at all (completely unintelligible). The truth of the matter is if it was profitable for them to have properly translated, grammatically correct, spam emails then they would do it. Sending an email is extremely cheap in regards to labor and cost. The expensive part is the next step where they interact with the respondents. To quote a Microsoft Research paper:
Far-fetched tales of West African riches strike most as comical. Our analysis suggests that is an advantage to the attacker, not a disadvantage. Since his attack has a low density of victims the Nigerian scammer has an over-riding need to reduce false positives. By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.
Crappy graphics and poor grammar weed out the people who are less likely to end up sending them money. People who respond despite those factors are more likely to end up sending them money.
In my extended family on my wife's side there is one individual who was almost baited into a "Bill Gates wants to give you millions" scam a couple of years ago. Luckily I was able to convince them that it was a scam, but only barely even though it was blatantly obvious to me. This same person lost a fortune to the Bernie Madoff of Peru many years ago. They also got involved in a business deal more recently with a shyster and ended up losing a good amount of money due to the partner's bad faith. They are a wonderful person, and unfortunately exactly the mark a scammer wants. They don't want someone that will be spooked by poor grammar.