The emerging trends of VIPRE's Q2 2025 email threat landscape report

VIPRE's latest report unveils crucial email threat trends of 2025, essential for fortifying businesses against future attacks.

VIPRE Security Group, a global frontrunner in cybersecurity and data protection, has unveiled its email threat landscape report for Q2 2025. This insightful analysis of real world data uncovers pivotal trends in email security, propelling organisations to bolster their defences for the rest of the year.

An alarming 58% of phishing sites utilise unidentifiable phishing kits. Cybercriminals use these tailor-made kits to deploy malicious campaigns on a large scale, often supplemented by AI to cut costs. Since they are custom made these phishing kits cant be reverse engineered, tracked or caught. Notable kits include Evilginx, Tycoon 2FA, and 16shop.

The manufacturing sector remains cybercriminals' primary focus. In Q2 2025, manufacturers endured 26% of email-based threats, including BEC, phishing, and malspam attacks. Retail and Healthcare closely followed, accounting for 20% and 19% of attacks, respectively.

Scandinavian nations, with their advanced economies and digital landscapes, are now prime targets for Business Email Compromise (BEC). Cybercriminals often exploit regional languages for heightened effectiveness. English-speaking executives represent 42% of BEC targets, while the Danish make up 38%.

The strategic inclusion of Danish, Swedish, and Norwegian languages highlights a focused approach in BEC scams. Despite high English proficiency, critical communications in native tongues are common, enhancing the success rate of localised attacks. Impersonation is the most common technique used in BEC scams, with 82% of attempts targeting CEOs and executives

Q2 reveals Lumma Stealer as the leading malware, delivered through malicious attachments or phishing links. It embodies the Malware-as-a-Service (Maas) model, attracting varied threat actors with its support frameworks and affordability.

Email threats increasingly employ financial lures (35%), urgency messaging (25%), and account updates (20%) for hook-based phishing. A staggering 54% use open redirects to mask malicious sites, with compromised websites and URL shorteners as common alternatives. While PDFs (64%) remain the preferred vehicle for delivering malicious attachments, an increasing number now feature embedded QR codes designed to carry out attacks.

“It’s clear what the threat actors are doing – they are outsmarting humans through hyper-personalised phishing techniques using the full capability of AI and deploying at scale,” Usman Choudhary, Chief Product and Technology Officer, VIPRE Security Group, says. “Organisations can no longer rely on standard cybersecurity processes, techniques, and technology. They need comprehensive and advanced email security solutions that can help them to deploy like-for-like defences – at the very least – if not help them stay a step ahead of the tactics used by cybercriminals.”

Certification's true value lies beyond speed, focusing on continuous system improvement for genuine...
Supermicro expands its AI edge computing solutions with Intel's advanced technologies, aiming to...
One Identity sets new course as an independent entity, focusing on identity governance with its...
A surge in AI adoption results in increased security concerns across UK and US enterprises, despite...
N-able introduces Shadow AI Visibility to monitor AI tool usage, enhancing organisational security...
Vanquis integrates Freshservice to streamline service operations, marking a development in its...
Scality and OVHcloud partner to deliver a sovereign cloud platform tailored for European digital...
Perforce Software has introduced updates to its DevOps tech stack, adding new tools for AI...