The emerging trends of VIPRE's Q2 2025 email threat landscape report

VIPRE's latest report unveils crucial email threat trends of 2025, essential for fortifying businesses against future attacks.

VIPRE Security Group, a global frontrunner in cybersecurity and data protection, has unveiled its email threat landscape report for Q2 2025. This insightful analysis of real world data uncovers pivotal trends in email security, propelling organisations to bolster their defences for the rest of the year.

An alarming 58% of phishing sites utilise unidentifiable phishing kits. Cybercriminals use these tailor-made kits to deploy malicious campaigns on a large scale, often supplemented by AI to cut costs. Since they are custom made these phishing kits cant be reverse engineered, tracked or caught. Notable kits include Evilginx, Tycoon 2FA, and 16shop.

The manufacturing sector remains cybercriminals' primary focus. In Q2 2025, manufacturers endured 26% of email-based threats, including BEC, phishing, and malspam attacks. Retail and Healthcare closely followed, accounting for 20% and 19% of attacks, respectively.

Scandinavian nations, with their advanced economies and digital landscapes, are now prime targets for Business Email Compromise (BEC). Cybercriminals often exploit regional languages for heightened effectiveness. English-speaking executives represent 42% of BEC targets, while the Danish make up 38%.

The strategic inclusion of Danish, Swedish, and Norwegian languages highlights a focused approach in BEC scams. Despite high English proficiency, critical communications in native tongues are common, enhancing the success rate of localised attacks. Impersonation is the most common technique used in BEC scams, with 82% of attempts targeting CEOs and executives

Q2 reveals Lumma Stealer as the leading malware, delivered through malicious attachments or phishing links. It embodies the Malware-as-a-Service (Maas) model, attracting varied threat actors with its support frameworks and affordability.

Email threats increasingly employ financial lures (35%), urgency messaging (25%), and account updates (20%) for hook-based phishing. A staggering 54% use open redirects to mask malicious sites, with compromised websites and URL shorteners as common alternatives. While PDFs (64%) remain the preferred vehicle for delivering malicious attachments, an increasing number now feature embedded QR codes designed to carry out attacks.

“It’s clear what the threat actors are doing – they are outsmarting humans through hyper-personalised phishing techniques using the full capability of AI and deploying at scale,” Usman Choudhary, Chief Product and Technology Officer, VIPRE Security Group, says. “Organisations can no longer rely on standard cybersecurity processes, techniques, and technology. They need comprehensive and advanced email security solutions that can help them to deploy like-for-like defences – at the very least – if not help them stay a step ahead of the tactics used by cybercriminals.”

Forescout's latest report sheds light on skyrocketing ransomware attacks, zero-day exploits, and...
Infoblox's latest report details a rise in DNS-based cyberthreats, highlighting sophisticated...
Palo Alto Networks' acquisition of CyberArk marks a significant shift, introducing Identity...
CrowdStrike's 2025 Threat Hunting Report unveils the evolution of cyberattacks as adversaries...
Netskope reports an unprecedented rise in genAI platform usage, with a notable increase in shadow...
Fortinet’s Fabric-Ready Technology Alliance has achieved over 3,000 integrations, empowering...
UK startup Sitehop leverages in-house testing to enhance their quantum encryption platform,...
Ransomware attacks remain rampant worldwide with organisations facing multiple security challenges....