Vipre 2024 Email Threat Analysis: Key Insights Into Email Security for 2025

Annual email threat research predicts infostealer, BEC attacks, and AI-driven phishing and social engineering as persistent threats in 2025, alongside the use of QR codes, deepfakes, and synthetic media for email security strikes  

VIPRE Security Group, a global leader and award-winning cybersecurity, privacy, and data protection company, has released its annual email threat landscape report titled ‘Email Security in 2025: What to Expect from the Evolving Email Threat Landscape’, highlighting the most significant trends in email-based attacks that shaped enterprise security in 2024. This comprehensive analysis of global real-world data reveals the advanced strategies and techniques employed by cybercriminals in the past year, enabling evidence-based projections of the emerging email security threats in 2025.  VIPRE processed 7.2 billion emails globally, of which 858 million were spam.

Spam blitz

Over nine out of 10 emails were categorised as spam – i.e., unsolicited, unwanted emails or those sent with malicious intent. Of the never-seen-before spam emails, 37% fell into the commercial, 32% into the scam, and 21% into the phishing categories of spam. Across each quarter of 2024, the US tops the ‘spam senders’ list, followed by the UK. Interestingly, many other countries that feature in the most ‘spam senders’ list are also considered amongst the most trusted, such as Switzerland, Sweden, and Norway, among others.

Marketing Tech Insights: Sebastian Steinhaeuser Joins SAP Board, Saueressig’s Contract Extended

Infostealers on the rise

Most of the malware encountered in the last quarter of 2024 were infostealers and remote access trojans (RATs), designed to spy on victims’ machines and gather sensitive information to send back to the attacker as well as deliver threats, such as ransomware. Furthermore, all the malware encountered was Windows-based, such as Stealc, Lumma, and AgentTesla.

Deceptive phishing manoeuvres

Cybercriminals deployed a variety of phishing tactics with links (70%) as the top favourite, followed by attachments (25%) and QR codes (5%). Noteworthy is that the use of QR codes peaked at 12% in Q4 of 2024.

Regarding phishing links, URL redirection was the most employed tactic (51%), followed by compromised websites (19%) and newly created domains (7%).

Marketing Tech Insights: Turo Partners with AI Pioneer Mutinex for Global Marketing

BEC scams at the heart of social engineering

Business email compromise (BEC) remained the favoured social engineering ploy, reiterating that despite security software becoming more effective, people continue to be the weakest link. Threat actors leveraged  ‘impersonation’ as a tactic in an average of 88% of all cases – followed by diversion, email hijacking, and account takeover. Also, executive spoofing persists as a serious threat, worsened by the use of AI. 74% of the time, CEOs and executives were the roles that were compromised.

The most targeted industry sector, the most spoofed brand

The manufacturing sector (32%) was consistently the clear favourite for email-based attacks, with energy (9%), retail (8%), health (5%) and government (4%) as some of the others.

Microsoft (unsurprisingly) retained its title as the most spoofed brand throughout the year, with DocuSign, Apple, and Google ranking highly too.

“This annual email landscape analysis provides valuable insight into the cybersecurity threats that will challenge businesses in 2025” Usman Choudhary, Chief Product and Technology Officer, VIPRE Security Group, said. “To counter the increasingly automated and AI-enhanced email-based threats, organisations need to implement robust email security technologies and foster a culture of highly vigilant security awareness among employees, in equal measure. This dual approach presents the most realistic and effective approach to surmount the ever-advancing and difficult-to-spot email-based threats.”

Marketing Tech Insights: Yottaa 2025 Web Index: Faster Load Times Boost Growth

Email security threats in 2025

Based on 12 months of extensive observation and research, the notable trends threatening email security globally in 2025 include the use of QR codes for phishing and malware delivery, the growth of infostealers to steal sensitive information, the adoption of deepfakes and synthetic media (including manipulated images, audio, and video) for email-based attacks, and hard-to-detect, at-scale AI-driven phishing and social engineering attacks. BEC will also remain a significant concern.

VIPRE leverages its vast understanding of email security to equip businesses with the information they need to protect themselves. This report is based on proprietary intelligence gleaned from round-the-clock vigilance of the cybersecurity landscape.

For media inquiries, you can write to our MarTech Newsroom at news@intentamplify.com

Source – PR Newswire