VIPRE Security Group, a global frontrunner in cybersecurity and data protection, has unveiled its email threat landscape report for Q2 2025. This insightful analysis of real world data uncovers pivotal trends in email security, propelling organisations to bolster their defences for the rest of the year.
An alarming 58% of phishing sites utilise unidentifiable phishing kits. Cybercriminals use these tailor-made kits to deploy malicious campaigns on a large scale, often supplemented by AI to cut costs. Since they are custom made these phishing kits cant be reverse engineered, tracked or caught. Notable kits include Evilginx, Tycoon 2FA, and 16shop.
The manufacturing sector remains cybercriminals' primary focus. In Q2 2025, manufacturers endured 26% of email-based threats, including BEC, phishing, and malspam attacks. Retail and Healthcare closely followed, accounting for 20% and 19% of attacks, respectively.
Scandinavian nations, with their advanced economies and digital landscapes, are now prime targets for Business Email Compromise (BEC). Cybercriminals often exploit regional languages for heightened effectiveness. English-speaking executives represent 42% of BEC targets, while the Danish make up 38%.
The strategic inclusion of Danish, Swedish, and Norwegian languages highlights a focused approach in BEC scams. Despite high English proficiency, critical communications in native tongues are common, enhancing the success rate of localised attacks. Impersonation is the most common technique used in BEC scams, with 82% of attempts targeting CEOs and executives
Q2 reveals Lumma Stealer as the leading malware, delivered through malicious attachments or phishing links. It embodies the Malware-as-a-Service (Maas) model, attracting varied threat actors with its support frameworks and affordability.
Email threats increasingly employ financial lures (35%), urgency messaging (25%), and account updates (20%) for hook-based phishing. A staggering 54% use open redirects to mask malicious sites, with compromised websites and URL shorteners as common alternatives. While PDFs (64%) remain the preferred vehicle for delivering malicious attachments, an increasing number now feature embedded QR codes designed to carry out attacks.
“It’s clear what the threat actors are doing – they are outsmarting humans through hyper-personalised phishing techniques using the full capability of AI and deploying at scale,” Usman Choudhary, Chief Product and Technology Officer, VIPRE Security Group, says. “Organisations can no longer rely on standard cybersecurity processes, techniques, and technology. They need comprehensive and advanced email security solutions that can help them to deploy like-for-like defences – at the very least – if not help them stay a step ahead of the tactics used by cybercriminals.”
