VIPRE's Q1 2025 Email Threat Analysis Reveals Cybercriminals Are Having More Success with Low-Tech, Human-Centric Attacks
Callback scams vie for top phishing vector position, SVG image files bypass defenses, and XRed is the malware family of the quarter
LONDON, April 28, 2025 /PRNewswire/ -- VIPRE Security Group, a global leader and award-winning cybersecurity, privacy, and data protection company, has released its email threat landscape report for Q1 2025. This report, based on an analysis of global real-world data, highlights the most significant email security trends from the first quarter of 2025, to enable organisations to strategise their email security defenses for the year ahead. VIPRE processed 1.45 billion emails globally, of which a whopping 92% were spam.
Callback phishing battles links, pushing for the top spot
Cybercriminals are taking the sentiment "work smarter, not harder" to a whole other level with callback phishing scams, a vector that wasn't even part of the equation last year. In Q1 2025, it accounts for 16% of phishing attempts. This is pertinent because link usage, which accounted for 75% of phishing attempts in Q1 2024, dropped by 42% in Q1 2025, making room for callbacks, which now account for nearly one in five attempts. With email scanning technology now adept at spotting compromised links, cybercriminals are resorting to callback scams via emails that leave no trace at all.
Callback phishing is a social engineering attack where victims are tricked into calling a seemingly legitimate phone number through emails or texts to reveal sensitive information or download malware.
SVG phishing on the rise
SVG files are fast becoming cybercriminals' favoured attachment type for phishing attacks (34%), coming a close second to PDF attachments (36%). By embedding a malicious URL in the <script> tag of an SVG file, attackers have JavaScript execute when the file is opened in a web browser, redirecting the user to a compromised website. In doing so, they bypass anti-phishing defenses. The US is the most targeted region for such attacks, followed by Europe.
XRed, the malware family of the year
The backdoor-type malware, XRed, was responsible for the most malware attacks in Q1 2025, surpassing the second-most prominent malware family (Lumma) by a factor of three. StealC, AgentTesla, and Redline followed.
The US dominates spam email traffic
In Q1 2025, not only were 92% of all emails classified as spam, but 67% of those were categorised as malicious. The US is the leading source of spam emails, generating 57% of all spam sent, and receiving 75% of malicious emails. The UK and Ireland stand at 8% each for sending and receiving bad emails.
HTML attachments for malspam on the wane
HTML attachments took up no more than 12% share of cybercriminals' overall malspam strategy. With heightened awareness about the use of malicious HTML attachments, attackers are looking for less obvious methods, preferring PDFs and SVG files instead.
Manufacturing sector still the darling of email attackers
The manufacturing sector remains the most targeted sector in the email threat landscape, holding its lead at 36% vis-à-vis the retail and financial sectors, which tie at second place, with each receiving 15% of attackers' attention.
"There's a clear shift in cybercriminals' preference towards low-tech, high-impact, human-centric tactics. This demands a fundamental rethink of email security – one that addresses the human element as vigilantly as the technological," Usman Choudhary, Chief Product and Technology Officer, VIPRE Security Group, said. "With cybercriminals mastering the art of human deception, and crafting phishing attacks that bypass conventional defenses, email security in turn demands an approach that weaponises cybercriminals' own actions and uses their patterns to create a unique, future-proofed response."
The full report is available as Email Threat Trends Report: 2025: Q1.
VIPRE leverages its vast understanding of email security to equip businesses with the information they need to protect themselves. This report is based on proprietary intelligence gleaned from round-the-clock assessment of the cybersecurity landscape.
About VIPRE Security Group
VIPRE Security Group, part of Ziff Davis, Inc., is a leading provider of internet security solutions purpose-built to protect businesses, solution providers, and home users from costly and malicious cyber threats. With over 25 years of industry expertise, VIPRE is one of the world's largest threat intelligence clouds, delivering exceptional protection against today's most aggressive online threats. Our award-winning software portfolio includes next-generation antivirus endpoint cloud solutions, advanced email security products, along with threat intelligence for real-time malware analysis, and high-quality security awareness training for compliance and risk management. VIPRE solutions deliver an easy-to-use, comprehensive layered defense through cloud-based and server security, with mobile interfaces that enable instant threat response. VIPRE is a proud Advanced Technology Partner of Amazon Web Services, operating globally across North America and Europe.
The group operates under various brands, including VIPRE®, StrongVPN®, IPVanish®, Inspired eLearning®, Livedrive®, and SugarSync®. www.VIPRE.com
