Kaspersky reports 15% growth in malicious email attacks in 2025

According to Kaspersky telemetry, almost every second email – 44.99% of global traffic – was spam in 2025. Spam consists not only of unsolicited emails, but can also include various email threats such as scam, phishing and malware. In 2025, individuals and corporate users encountered over 144 million malicious and potentially unwanted email attachments, representing a 15% increase compared to the previous year figures.     

In 2025, APAC had the largest share of email antivirus detections: it reached 30%, followed by Europe with 21%. Next came Latin America (16%) and the Middle East (15%), Russia and CIS (12%) and Africa (6%). As for individual countries, China had the highest rate of malicious and potentially unwanted email attachments, with the share of email antivirus detections of 14%. Russia ranked second (11%), followed by Mexico (8%), Spain (8%) and Turkey (5%).

Email antivirus detections peaked moderately in June, July and November.

Key trends in email spam and phishing

Kaspersky’s annual analysis has also identified several persistent trends in the email spam and phishing threat landscape that are expected to continue into 2026:

• Combination of various communication channels. Attackers lure email users into switching to messengers or calling fraudulent phone numbers. For instance, scam investment mailings may redirect victims to fake websites, where they are asked to provide their contact information, and then cybercriminals will follow up with a phone call.   
• Usage of diverse evasion techniques in phishing and malicious emails. Threat actors frequently try to disguise phishing URLs, for example, with the help of link protection services and QR codes. These QR codes are often embedded directly in email bodies or within PDF attachments, which not only conceals phishing links but also encourages users to scan them on mobile devices, potentially exploiting weaker security measures than corporate PCs.
• Mailings exploiting diverse legitimate platforms. For example, Kaspersky experts discovered a fraudulent tactic that abuses OpenAI’s organization creation and team invitation features to send spam emails from legitimate OpenAI addresses, potentially tricking users into clicking scam links or dialing fraudulent phone numbers. Additionally, a calendar-based phishing scheme, which originated in the late 2010s, resurfaced last year with a focus on corporate users. 
• Refining tactics in business email compromise (BEC) attacks. In 2025 attackers attempted to become even more persuasive by incorporating fake forwarded emails into their correspondence. These emails lacked thread-index headers or other headers, making it difficult to verify their legitimacy within an email conversation.

“Email phishing shouldn’t be underestimated. Our report reveals that one in ten business attacks starts with phishing, with a significant proportion being Advanced Persistent Threats (APTs). In 2025, we saw an increase in the sophistication of targeted email attacks. Even the smallest details are meticulously crafted in these malicious campaigns, including the composition of sender addresses and the tailoring of content to real corporate events and processes.

The commodification of generative AI has significantly amplified this threat, enabling attackers to craft convincing, personalized phishing messages at scale with minimal effort, automatically adapting tone, language and context to specific targets,” commentsRoman Dedenok, anti-spam expert at Kaspersky.