VIPRE Report Reveals Key Email Security Threats for 2025 | Infostealers, AI-Driven Phishing, and QR Code Attacks Expected to Persist
VIPRE Security Group has released its annual email threat landscape report, “Email Security in 2025: What to Expect from the Evolving Email Threat Landscape.”
The report highlights the top trends in email-based cyberattacks from 2024 and provides evidence-based predictions for 2025. Drawing from its analysis of 7.2 billion emails globally—of which 858 million were spam—VIPRE warns of the growing sophistication of cyber threats.
Spam Remains a Dominant Threat
Over 90% of the emails processed by VIPRE in 2024 were categorized as spam. Of these, 37% were commercial spam, 32% were scams, and 21% were phishing emails. The U.S. topped the list of spam-sending countries, followed by the U.K. Surprisingly, traditionally trusted nations like Switzerland, Sweden, and Norway also ranked among the top sources of spam.
Infostealers and RATs on the Rise
Infostealers and remote access trojans (RATs) emerged as dominant malware threats in 2024. These threats enable cybercriminals to spy on victims’ machines and exfiltrate sensitive data. The report highlights that all observed malware was Windows-based, including Stealc, Lumma, and AgentTesla.
Phishing Attacks Evolve with QR Codes and URL Redirects
Phishing attacks remained a significant threat, with cybercriminals primarily using malicious links (70%), attachments (25%), and QR codes (5%). Notably, the use of QR codes for phishing peaked at 12% in Q4 of 2024. Attackers favoured URL redirection (51%) as the most common phishing technique, followed by compromised websites (19%) and newly created domains (7%).
Business Email Compromise (BEC) and AI-Powered Spoofing
BEC attacks continued to exploit human vulnerabilities, with impersonation tactics used in 88% of cases. Executive spoofing also remained a major issue, often leveraging AI-generated content. In 74% of incidents, CEOs and executives were the primary targets of these attacks.
Manufacturing Sector and Microsoft Among Top Targets
The manufacturing industry experienced the highest volume of email-based attacks (32%), followed by energy (9%), retail (8%), healthcare (5%), and government (4%). Microsoft remained the most spoofed brand throughout 2024, with DocuSign, Apple, and Google also frequently impersonated.
2025 Email Security Threat Predictions
VIPRE anticipates the following email security threats will persist and evolve in 2025:
Increased use of QR codes for phishing and malware distribution.
• Expansion of infostealers targeting sensitive business information.
• Growth in deepfake and synthetic media attacks leveraging manipulated images, audio, and video.
• AI-driven phishing and social engineering campaigns that are harder to detect.
• Continued prevalence of BEC attacks, exploiting human error and organizational trust.
Usman Choudhary, Chief Product and Technology Officer at VIPRE Security Group, emphasized the need for proactive security measures: “To counter increasingly automated and AI-enhanced email-based threats, organizations must implement robust email security technologies and cultivate a culture of vigilance among employees. A combined approach is the best defense against the ever-evolving landscape of email security threats.”
For a detailed analysis, access the full report: “Email Security in 2025: What to Expect from the Evolving Email Threat Landscape.”
