VIPRE Email Threat Report 2025

Keypoints

• Annual cybersecurity reports typically include an executive summary, key findings or takeaways, detailed analysis of attack methodologies, sector-specific targeting, and concluding recommendations.
• These reports provide comprehensive data on threat types, attack vectors, malware families, regional targeting, phishing techniques, and attacker strategies.
• Key statistics from Q2 2025 reveal manufacturing (26%) and retail (20%) as the top email attack targets, with manufacturing attacks increasing 71% year-over-year.
• Phishing kits usage has declined, with 58% of phishing sites relying on custom or obfuscated deployments enabled by AI tools.
• Callback phishing emerged as a significant vector, responsible for 16% of phishing attacks, where victims are tricked into calling attackers directly.
• BEC scams accounted for 42% of scam emails, predominantly impersonating executives (82%), with targeted languages including English, Danish, Swedish, and Norwegian.
• Lumma Stealer was the most prevalent malware family in Q2, with Microsoft dismantling its infrastructure after infecting nearly 400,000 machines in two months.
• Malicious email volumes spiked during critical end-of-quarter financial periods, exploiting urgency around invoicing and budget activities.
• Attackers use financial and urgency-themed lures to bait victims, with open redirects (54%) and compromised websites (30%) as primary link delivery methods.
• PDF attachments (64%), often containing malicious QR codes, remain a common method to deliver malware and phishing content that bypasses traditional defenses.
• Credential exfiltration mainly occurs via HTTP POST to remote servers (52%), with alternative methods including email exfiltration and Telegram bots.
• Recurring themes emphasize the shift toward human-centric social engineering attacks, regional and language targeting, and sophisticated evasion tactics by attackers.