Kaspersky Reports 15% Rise in Malicious Email Attacks in 2025
Cybersecurity firm Kaspersky has reported a 15 percent increase in malicious and potentially unwanted email attachments in 2025, warning that email-based threats continue to evolve in sophistication.
According to Kaspersky telemetry data, nearly 44.99 percent of global email traffic in 2025 was classified as spam. The category includes not only unsolicited messages but also email-based scams, phishing attempts and malware distribution.
The report said individuals and corporate users encountered more than 144 million malicious and potentially unwanted email attachments during the year, marking a significant rise compared to 2024.
Regionally, the Asia-Pacific (APAC) region, including Pakistan, accounted for the largest share of email antivirus detections at 30 percent, followed by Europe (21 percent), Latin America (16 percent), the Middle East (15 percent), Russia and CIS (12 percent), and Africa (6 percent).
Among individual countries, China recorded the highest rate of malicious email attachments at 14 percent, followed by Russia (11 percent), Mexico (8 percent), Spain (8 percent) and Turkey (5 percent). Email antivirus detections saw moderate peaks in June, July and November.
Sophisticated Phishing Tactics
Kaspersky’s annual analysis highlighted persistent and emerging trends in spam and phishing attacks likely to continue into 2026.
Attackers are increasingly redirecting victims from emails to messaging platforms or fraudulent phone numbers. In some cases, scam investment emails lead users to fake websites where they are prompted to share contact details before being approached via phone calls.
Cybercriminals are also disguising phishing links using link protection services and QR codes. Kaspersky researchers identified a tactic that abuses OpenAI’s organization creation and team invitation features to send spam emails from seemingly legitimate OpenAI addresses, potentially tricking users into clicking malicious links.
Additionally, a calendar-based phishing scheme — first seen in the late 2010s — resurfaced in 2025, particularly targeting corporate users. Attackers have further enhanced credibility by inserting fake forwarded email chains into phishing messages.
“Email phishing shouldn’t be underestimated. One in ten business attacks begins with phishing, with a significant share linked to Advanced Persistent Threats (APTs),” said Roman Dedenok, anti-spam expert at Kaspersky. He noted that the growing availability of generative AI tools has enabled attackers to craft highly personalized phishing messages at scale.
Security Recommendations
Kaspersky advised users to treat unsolicited invitations with caution, even if they appear to originate from trusted platforms. Users are urged to carefully verify URLs before clicking and avoid calling phone numbers listed in suspicious emails.
For corporate environments, the company recommends deploying multi-layered email security solutions powered by machine learning, along with ensuring that all employee devices — including smartphones — are protected with robust security software.
The findings underscore the growing cybersecurity risks faced by businesses and individuals as threat actors continue to refine their tactics in an increasingly AI-driven digital landscape.
