Kaspersky reports 15% surge in malicious email attacks in 2025


 15 % surge in malicious email attacks in 2025 — full details

Cybersecurity firm Kaspersky reports a significant rise in malicious email activity during 2025:

  • Global telemetry shows over 144 million malicious or potentially unwanted email attachments detected in 2025 — a 15 % increase over 2024. (Kaspersky)
  • Spam accounted for almost half (44.99 %) of all global email traffic last year. (Kaspersky)
  • Email threat spikes occurred most prominently in June, July and November, suggesting seasonal or campaign‑driven peaks. (Daily Capital Views)

The malicious emails involved multiple threat types, such as:

  • phishing links,
  • scam attachments,
  • socially engineered lures directing victims to fake sites,
  • and malicious code hidden behind images, PDF files, QR codes and obfuscated links. (Kaspersky)

 Geographic threat distribution

Kaspersky’s data highlights how the surge played out across regions:

Region | Share of Malicious Email Detections
--- | ---
Asia‑Pacific (APAC) | ~30 %
Europe | ~21 %
Latin America | ~16 %
Middle East | ~15 %
Russia & CIS | ~12 %
Africa | ~6 %

At the country level, China reported the highest rate of malicious attachments (≈14 %), followed by Russia (≈11 %), Mexico and Spain (each ≈8 %), and Turkey (≈5 %). (Kaspersky)


 Key threat trends in email attacks

The 2025 analysis also identified evolving attacker tactics:

1. Multi‑layer campaigns
Attackers often combine email with other channels — for example, steering victims from email to messaging platforms or fraudulent phone numbers. (Kaspersky)

2. Evasion techniques
Phishing URLs are disguised using QR codes concealed in documents, PDF attachments or even within HTML frames to bypass filters and trick users into scanning them. (Kaspersky)

3. Legitimate platform abuse
Some campaigns abused features from trusted services (for example, arranging team invites or calendar events) to make spam appear more credible. (Kaspersky)

4. Business Email Compromise (BEC)
Cybercriminals increasingly embed fake forwarded message headers to make phishing look like normal work email threads — making detection harder. (Daily Capital Views)


 Why this matters

Email remains one of the primary attack vectors for cybercrime, and Kaspersky notes:

  • About 1 in 10 business incidents begins with an email‑based phishing attack. (Daily Capital Views)
  • The commodification of generative AI (e.g., using large language models to craft convincing phishing text) allows attackers to personalise emails at scale with minimal effort. (Daily Capital Views)
  • Slight variations in links, headers or QR code obfuscation can slip past traditional filters, increasing the risk of credential theft, malware deployment and financial fraud. (Kaspersky)

Kaspersky and other security experts stress that email phishing remains a top entry point for ransomware, credential compromise and broader network breaches — making mail‑server security and user training critical. (Daily Capital Views)


 Expert recommendations

To reduce exposure to rising email threats, Kaspersky’s guidance includes:

  • Treating unsolicited emails with suspicion, even if they appear to come from trusted senders. (Kaspersky)
  • Inspecting links and QR codes before clicking. (Kaspersky)
  • Avoiding phone numbers provided in suspicious messages — find official contacts independently. (Kaspersky)
  • For organisations: deploying robust mail‑server security software with multi‑layered threat detection and machine‑learning defence. (Kaspersky)

 Bottom line

The 15 % rise in malicious email attacks in 2025 reflects a broader trend of increasingly sophisticated and high‑volume phishing and malware‑laden campaigns, driven partly by evolving evasion techniques and AI‑assisted social engineering. Email remains a key battleground in cybersecurity, and heightened awareness and protection m

Kaspersky Reports 15 % Surge in Malicious Email Attacks in 2025 — Case Studies and Comments

In its 2025 annual analysis, cybersecurity firm Kaspersky disclosed that malicious email attacks increased by 15 % compared to 2024, with over 144 million malicious or potentially unwanted email attachments detected worldwide. Spam — which includes phishing, scams and malware — accounted for nearly half of all email traffic last year. (Kaspersky)

Below are real‑world‑style case examples and expert comments showing how this surge played out in practice and what it means.


 Case Studies

1) Combined Spam → Phishing → Social Engineering Campaigns

What happened:
Threat actors send large volumes of seemingly ordinary spam that contain hidden phishing links or attachments. In many cases they don’t simply ask users to click — they redirect victims to messaging apps or ask them to call fake support numbers, using multi‑channel tactics to increase the chance of deception. (Kaspersky)

Result:
• Users who ignored links in email may still respond to a follow‑up SMS or phone call.
• Organisations see spikes in help‑desk tickets tied to email fraud.

Lesson:
Attackers are blending channels, so email is often the first step in a wider scam chain. (Kaspersky)


2) QR Code and URL Obfuscation in Phishing Emails

Scenario:
Emails appearing to be from trusted services include QR codes or disguised links embedded in PDFs — convincing because users expect QR codes in legitimate communications (e.g., event tickets or account verification). (Kaspersky)

Impact:
• Scanning the QR code on a phone can bypass some email filtering protections.
• Users are taken to phishing pages crafted to mimic official bank or service login screens.

What it shows:
Malicious actors are using evasion techniques specifically designed to slip past traditional filtering and exploit weaker mobile security. (Kaspersky)


3) Abuse of Legitimate Platforms for Spam Distribution

Example:
Kaspersky research found threats that abused features of trusted services — such as open invitation tools — to send spam appearing to come from official organisational domains. (Kaspersky)

Consequence:
Recipients are more likely to click links from a “trusted” domain, making these scams especially dangerous for corporate environments.

Why this matters:
Leveraging legitimate platforms increases the perceived legitimacy of email threats, lowering users’ guard and increasing click‑through rates. (Kaspersky)


4) Sophisticated Business Email Compromise (BEC) Techniques

Scenario:
Threat actors used fake “forwarded” messages without standard email headers to make phishing appear like part of ongoing corporate conversations. (Kaspersky)

Result:
• Employees were deceived into thinking the emails were genuine.
• Financial departments were tricked into acting on false invoice or payment change requests.

Key insight:
BEC attacks are evolving to mimic real business workflows, increasing their financial impact. (Kaspersky)
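
A defender-side heuristic for the fake "forwarded" thread technique in this case study and in the BEC trend noted earlier, written as an added example that is not from Kaspersky or the original article. It assumes the missing "standard email headers" are the threading headers In-Reply-To, References and Thread-Index; the function names, marker patterns and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
# Assumption for this example: the headers a genuine thread normally carries.
THREAD_HEADERS = ("In-Reply-To", "References", "Thread-Index")
SUBJECT_PREFIX = re.compile(r"^\s*(?:re|fw|fwd)\s*:", re.I)
FORWARD_BANNER = re.compile(
    r"^-{2,}\s*(?:Forwarded message|Original Message)\s*-{2,}\s*$", re.I | re.M)
QUOTED_HEADER = re.compile(r"^>?\s*(?:From|Sent|Date|To|Subject):\s+\S", re.I | re.M)

def body_text(msg):
    """Join every text/plain part, decoding any transfer encoding."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def fake_thread_findings(raw_email):
    """Return the thread-like traits of a message that has no threading headers."""
    msg = message_from_string(raw_email)
    body = body_text(msg)
    claims = []
    if SUBJECT_PREFIX.match(msg.get("Subject", "")):
        claims.append("subject has RE:/FW: prefix")
    if FORWARD_BANNER.search(body):
        claims.append("body has forwarded/original-message banner")
    if len(QUOTED_HEADER.findall(body)) >= 2:
        claims.append("body quotes a header block")
    present = [h for h in THREAD_HEADERS if msg.get(h)]
    # Thread-like content but no threading headers: report it for scoring/review.
    return claims if claims and not present else []

# Constructed sample messages (placeholder domains, not real traffic).
FAKE = """\
From: Accounts <billing@vendor.example>
Subject: FW: Updated payment details
Message-ID: <a1@vendor.example>

Please process today.

---------- Forwarded message ----------
From: Director <director@corp.example>
Date: Fri, 28 Feb 2025
Subject: Updated payment details
Approved, use the new account.
"""
GENUINE = FAKE.replace("Message-ID:", "References: <a0@corp.example>\nMessage-ID:")
FRESH = "From: a@corp.example\nSubject: Lunch on Thursday\n\nSee you at noon.\n"
```

A non-empty result is a signal for scoring or manual review rather than a verdict, since header behaviour on genuine forwards varies by mail client.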


 Comments and Expert Reactions

 Security Analysts

Cybersecurity specialists note that email remains the dominant gateway for malware and credential theft — with 1 in 10 business attacks beginning with a phishing email. Generative AI is helping attackers craft more personalised, convincing messages at scale. (Kaspersky)

Comment:

“AI‑assisted phishing reduces the effort needed to personalise attacks, making them more effective and harder to detect.” — Kaspersky threat expert quoted in the analysis. (Kaspersky)


 Enterprise IT Teams

IT professionals are adjusting strategy:

  • Deploying multi‑layer mail security systems
  • Training staff to recognise evasive link tricks and social engineering
  • Monitoring for unusual email patterns

Many note that traditional signature‑based filters are not enough given attackers’ obfuscation methods. (Kaspersky)


 Public Awareness and User Behaviour

General users often report:

  • Scam emails posing as official messages from banks or payment services
  • Messages that reference real calendar events or corporate structures
  • QR codes that look legitimate but redirect to credential‑harvesting pages

These anecdotal insights match Kaspersky’s detection patterns and highlight how familiar elements are repurposed for malicious intent. (Kaspersky)


 Broader Threat Context

The surge in malicious email attacks is part of a wider increase in cyber threats throughout 2025, including spikes in password stealers, spyware and other malware. Kaspersky also noted strong overall growth in malware detections last year. (Kaspersky)

Other industry threat reports show phishing and social‑engineering vectors remain among the fastest‑growing attack types globally. (Reddit)


 Bottom Line

The 15 % increase in malicious email attacks in 2025 underscores:

  • Attackers’ growing sophistication in phishing and social engineering. (Kaspersky)
  • Use of multi‑stage and multi‑channel tactics. (Kaspersky)
  • Persistent threat to both individual users and organisations. (Kaspersky)

Email defence requires layered security, ongoing training, and vigilance, especially as threat actors adopt AI tools to personalise and scale attacks. (Kaspersky)