Cybercriminals are increasingly abandoning sophisticated technical approaches in favour of human-centric social engineering tactics, according to a new report from cybersecurity firm VIPRE Security Group.
The company’s Q1 2025 Email Threat Analysis, released this week, reveals a significant shift in attack vectors with “callback phishing” emerging as a major threat to businesses of all sizes, including SMEs who often lack robust security infrastructure.
Old Tricks, New Tactics
After analysing 1.45 billion emails processed globally during the first quarter of 2025, VIPRE discovered that callback Phishing scams – virtually non-existent in their data last year – now account for 16% of all phishing attempts.
These scams involve tricking victims into calling seemingly legitimate phone numbers through emails or texts, where they’re then manipulated into revealing sensitive information or downloading malware. The approach allows attackers to completely bypass traditional email scanning technology.
This rise corresponds with a dramatic 42% drop in link-based phishing attempts compared to Q1 2024, suggesting criminals are adapting to evade increasingly effective link-scanning defences.
SVG Files: The New Weapon of Choice
The report identifies another concerning trend for small and medium businesses: SVG image files are rapidly becoming Cybercriminals‘ preferred attachment type for delivering malicious payloads, accounting for 34% of Phishing attachments – nearly matching PDFs at 36%.
By embedding malicious code in SVG files, attackers can execute JavaScript when opened in a web browser, redirecting users to compromised websites while bypassing anti-phishing technologies. The US remains the most targeted region for such attacks, followed by Europe.
Manufacturing Sector Most Vulnerable
Particularly relevant for manufacturing SMEs, the report confirms the sector remains Cybercriminals’ primary target, accounting for 36% of targeted email attacks. Retail and financial sectors tie for second place at 15% each.
This continued focus on manufacturing businesses highlights the need for enhanced vigilance and security awareness among smaller manufacturers who may lack the Cybersecurity resources of larger enterprises.
Spam Dominates Email Traffic
The report presents a sobering picture of overall email security: 92% of all processed emails were classified as spam, with 67% of those categorised as actively malicious. The US leads as both the primary source and recipient of spam emails.
For UK-based SMEs, the data shows the UK and Ireland each account for 8% of both sending and receiving malicious emails – a significant figure that underscores the need for robust email security among British small businesses.
Processing 1.45 billion emails, the key findings:
• 92% of emails were spam
• Callbacks account for 1 in 5 phishing attempts
• SVG files are fast becoming cybercriminals’ favoured types of attachments
• XRed was responsible for the most malware attacks in Q1 2025, surpassing Lumma
• The manufacturing sector remains the most targeted sector
• The US is the leading source of spam emails
Rethinking Email Security
Usman Choudhary, Chief Product and Technology Officer at VIPRE Security Group, emphasised the implications of these findings: “There’s a clear shift in cybercriminals’ preference towards low-tech, high-impact, human-centric tactics. This demands a fundamental rethink of email security – one that addresses the human element as vigilantly as the technological.”
The findings suggest that small and medium businesses, often operating with limited security resources, must prioritise both technical defences and staff training to combat these evolving threats.
For SMEs concerned about these emerging threats, VIPRE recommends implementing comprehensive email security solutions that combine technical protection with ongoing security awareness training for all employees.
