Cybersecurity firm VIPRE Security Group reports a surge in ‘low-tech,’ human-focused email attacks in Q1 2025. Their analysis of 1.45 billion emails reveals a staggering 92% were spam, with 67% malicious.
Callback phishing scams, where victims are tricked into calling fraudulent numbers, now account for 16% of phishing attempts, challenging traditional link-based attacks.
Criminals are also exploiting SVG image files (34% of phishing attachments) to bypass defences by embedding malicious scripts. The US is the top target for these attacks. XRed malware dominated in Q1, significantly outpacing other threats.
The US remains the biggest source (57%) and recipient (75%) of spam. Interestingly, malicious HTML attachments are declining, as attackers favour less obvious methods. The manufacturing sector remains the most targeted (36%). VIPRE’s findings highlight a shift towards simpler social engineering tactics requiring greater vigilance.
“There’s a clear shift in cybercriminals’ preference towards low-tech, high-impact, human-centric tactics. This demands a fundamental rethink of email security – one that addresses the human element as vigilantly as the technological,” Usman Choudhary, Chief Product and Technology Officer, VIPRE Security Group, said.
He added: “With cybercriminals mastering the art of human deception and crafting phishing attacks that bypass conventional defenses, email security in turn demands an approach that weaponises cybercriminals’ own actions and uses their patterns to create a unique, future-proofed response.”
