2025 Email Threats Report: AI's Impact on Security Measures

Edward Zhou

CEO & Founder

 
July 15, 2025

Key Findings from the 2025 Email Threats Report

The 2025 Email Threats Report by Barracuda Networks highlights the evolution of email-based threats, focusing on advanced tactics employed by cybercriminals.

83% of malicious Microsoft 365 documents contain QR codes that lead to phishing websites.

1 in every 4 HTML attachments is malicious.

20% of companies experience at least one account takeover (ATO) incident each month.

12% of malicious PDF attachments are Bitcoin sextortion scams.

Email Threat Landscape Overview

Barracuda's analysis of 670 million emails in February 2025 reveals that email continues to be the most common attack vector, with a staggering 24% of messages classified as either malicious or unwanted spam. The report underlines the need for organizations to adopt stringent security measures to combat these threats, particularly given the high prevalence of malicious attachments and links.

87% of binaries detected were malicious, emphasizing the critical need for policies against executable files sent via email. HTML files, while less common, showed a notable malicious rate of 23%, often utilized for phishing and credential theft.

Insights from Fortra's 2025 Email Threat Intelligence Report

According to Fortra's 2025 Email Threat Intelligence Report, which analyzed over one million unblocked email threats from 2024, response-based social engineering tactics and links to phishing sites constituted 99% of the examined threats. Only 1% of malicious emails delivered malware, indicating that pre-delivery email defenses are more effective against malware than against sophisticated phishing attacks.

The report highlights the increasing sophistication of adversaries, utilizing simple emails with phone numbers and QR codes to lure victims into insecure environments, making detection challenging. As cybercriminals adopt generative AI to refine their tactics, the need for robust security practices becomes even more paramount.

“The incorporation of AI and trusted tools, paired with an unimaginable amount of stolen personal data, means today’s phishing campaigns are more likely than ever to compromise users,” stated Matt Reck, CEO of Fortra.

Specific Threats Highlighted

The report emphasizes several alarming trends:

  • Phishing and Account Takeovers: Approximately 20% of organizations face at least one ATO incident monthly. Attackers exploit weak passwords and phishing schemes to gain access.
  • Malicious QR Codes: A significant percentage of malicious attachments, including 68% of PDFs and 83% of Microsoft documents, contain QR codes directing users to phishing sites.
  • Bitcoin Sextortion Scams: These scams account for 12% of malicious PDF attachments, highlighting the need for vigilance against fear-based tactics.

Advanced Threat Detection and Recommendations

Olesia Klevchuk, Barracuda’s product marketing director for Email Protection, remarked, “Email remains the most common attack vector for cyberthreats because it provides an easy entry point into corporate networks.” A multi-layered approach to email security is crucial, incorporating AI-driven threat detection and best practices, such as implementing DMARC to thwart impersonation attacks.

As organizations navigate the evolving threat landscape, staying informed about the latest risks and adopting comprehensive security measures are essential for safeguarding against email-based attacks.

Explore how Gopher Security can help enhance your email security strategy and protect your organization against these emerging threats.

Edward Zhou is CEO & Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions.
