VIPRE Security Group has released its annual email threat landscape
report titled
‘Email Security in 2025: What to Expect from the Evolving Email Threat Landscape',
highlighting the most significant trends in email-based attacks that
shaped enterprise security in 2024. This comprehensive analysis of
global real-world data reveals the advanced strategies and techniques
employed by cybercriminals in the past year, enabling evidence-based
projections of the emerging email security threats in 2025. VIPRE
processed 7.2 billion emails globally, of which 858 million were
spam.
Spam blitz
Over nine out of 10 emails were categorised as spam - i.e.,
unsolicited, unwanted emails or those sent with malicious intent. Of the
never-seen-before spam emails, 37% fell into the commercial, 32% into
the scam, and 21% into the phishing categories of spam. Across each
quarter of 2024, the US tops the ‘spam senders' list, followed by the
UK. Interestingly, many other countries that feature in the most ‘spam
senders' list are also considered amongst the most trusted, such as
Switzerland, Sweden, and Norway, among others.
Infostealers on the rise
Most of the malware encountered in the last quarter of 2024 were
infostealers and remote access trojans (RATs), designed to spy on
victims' machines and gather sensitive information to send back to the
attacker as well as deliver threats, such as ransomware. Furthermore,
all the malware encountered was Windows-based, such as Stealc, Lumma,
and AgentTesla.
Deceptive phishing manoeuvres
Cybercriminals deployed a variety of phishing tactics with links
(70%) as the top favourite, followed by attachments (25%) and QR codes
(5%). Noteworthy is that the use of QR codes peaked at 12% in Q4 of
2024.
Regarding phishing links, URL redirection was the most employed
tactic (51%), followed by compromised websites (19%) and newly created
domains (7%).
BEC scams at the heart of social engineering
Business email compromise (BEC) remained the favoured social
engineering ploy, reiterating that despite security software becoming
more effective, people continue to be the weakest link. Threat actors
leveraged ‘impersonation' as a tactic in an average of 88% of all cases
- followed by diversion, email hijacking, and account takeover. Also,
executive spoofing persists as a serious threat, worsened by the use of
AI. 74% of the time, CEOs and executives were the roles that were
compromised.
The most targeted industry sector, the most spoofed brand
The manufacturing sector (32%) was consistently the clear favourite
for email-based attacks, with energy (9%), retail (8%), health (5%) and
government (4%) as some of the others.
Microsoft (unsurprisingly) retained its title as the most spoofed
brand throughout the year, with DocuSign, Apple, and Google ranking
highly too.
"This annual email landscape analysis provides valuable insight into
the cybersecurity threats that will challenge businesses in 2025" Usman
Choudhary, Chief Product and Technology Officer, VIPRE Security Group,
said. "To counter the increasingly automated and AI-enhanced email-based
threats, organisations need to implement robust email security
technologies and foster a culture of highly vigilant security awareness
among employees, in equal measure. This dual approach presents the most
realistic and effective approach to surmount the ever-advancing and
difficult-to-spot email-based threats."
Email security threats in 2025
Based on 12 months of extensive observation and research, the notable
trends threatening email security globally in 2025 include the use of
QR codes for phishing and malware delivery, the growth of infostealers
to steal sensitive information, the adoption of deepfakes and synthetic
media (including manipulated images, audio, and video) for email-based
attacks, and hard-to-detect, at-scale AI-driven phishing and social
engineering attacks. BEC will also remain a significant concern.
To read the full report, click here: Email Security in 2025: What to Expect from the Evolving Email Threat Landscape.
VIPRE leverages its vast understanding of email security to equip
businesses with the information they need to protect themselves. This
report is based on proprietary intelligence gleaned from round-the-clock
vigilance of the cybersecurity landscape.