VIPRE Security Group, a cybersecurity, privacy and data protection company, has released its email threat landscape report for Q1 2025.
Cyber-criminals are having more success with low-tech, human-centric email attacks, VIPRE Security Group analysis has revealed.
VIPRE Security Group reports that callback scams are emerging as one of the most common phishing tactics.
Attackers are reportedly using SVG image files to bypass security defences.
According to Vipre Security Group, XRed is one of the most prominent malware family of the first quarter of 2025.
VIPRE Security Group’s report is based on an analysis of global real-world data, highlighting the most significant email security trends from the first quarter of 2025.
This report is said to enable organisations to strategise their email security defences for the year ahead.
VIPRE processed 1.45 billion emails globally, of which 92% were spam.
According to the analysis cyber-criminals are taking the sentiment “work smarter, not harder” to a whole other level with phishing callback scams, a vector that was not part of the equation last year.
However, in Q1 2025, callback scams account for 16% of phishing attempts.
This is pertinent because link usage, which accounted for 75% of phishing attempts in Q1 2024, dropped by 42% in Q1 2025, making room for callback scams, which now account for nearly one in five attempts.
With email scanning technology now adept at spotting compromised links, cyber-criminals are resorting to callback scams via emails that leave no trace at all.
Callback scams are social engineering attacks where victims are tricked into calling a seemingly legitimate phone number through emails or texts to reveal sensitive information or download malware.
SVG files are fast becoming cyber-criminals’ favoured types of attachments (34%) for phishing attacks, coming a close second to PDF attachments (36%).
By embedding the <script> tag of an SVG file with a malicious URL, attackers execute JavaScript when the link is opened in a web browser, redirecting the user to a compromised website.
In doing so, they bypass anti-phishing defences.
According to VIPRE Security Group the US is the most targeted region for such attacks, followed by Europe.
The UK and Ireland stand at 8% each for sending and receiving bad emails.
The backdoor-type malware, XRed, was reportedly responsible for the most malware attacks in Q1 2025, surpassing the second-most prominent malware family (Lumma) by a factor of three.
StealC, AgentTesla and Redline followed.
HTML attachments took up no more than 12% share of cyber-criminals’ overall malspam strategy.
With heightened awareness about the use of malicious HTML attachments, attackers are reportedly looking for less obvious methods, preferring PDFs and SVG files instead.
The manufacturing sector according to VIPRE Security Group remains the most targeted sector in the email threat landscape, holding its lead at 36% vis-à-vis the retail and financial sectors, which tie at second place, with each receiving 15% of attackers’ attention.
Usman Choudhary, Chief Product and Technology Officer, VIPRE Security Group said: “There’s a clear shift in cyber-criminals’ preference towards low-tech, high-impact, human-centric tactics.
“This demands a fundamental rethink of email security – one that addresses the human element as vigilantly as the technological.
“With cyber-criminals mastering the art of human deception and crafting phishing attacks that bypass conventional defences, email security in turn demands an approach that weaponises cyber-criminals’ own actions and uses their patterns to create a unique, future-proofed response.”
