According to the 2025 Email Threats Report by Barracuda, email-based attacks are rising, highlighting the need for public awareness and preparedness. The report found that 23% of the HTML attachments in emails are malicious. Cybercriminals aren't relying only on malicious links; they are also inserting harmful material in email attachments, which evade many security measures.
The report also found that 20% of organizations have experienced account takeover (ATO), whether attempted or successful, at least once every month. Most of the time, access to the account is gained through credential stuffing, phishing scams, and exploiting very weak passwords. It was also found that 83% of malicious Microsoft documents and 68% of malicious PDF attachments contain QR codes that take users to malicious phishing websites. 12% of Bitcoin sextortion scams also happen because of PDF attachments that have malicious code.
DMARC (Domain-based Message Authentication, Reporting and Conformance) was not present in 47% of email domains, which makes it easy for cybercriminals to attack organisations through impersonation and spoofing attacks. 24% of the messages received via email are malicious or unwanted spam, which complicates email security, as it is getting harder to know which emails are truly malicious. Email security is important, and it can be achieved through different threat detectors and AI that identify hidden attacks in attachments and any malicious signs within an email.
Image: DIW-Aigen