Cyberstats

Security Intelligence

VendorsVIPRE

VIPRE

Cybersecurity reports and statistics published by VIPRE

8 categories1 reports

Research Reports

Reports and publications from VIPRE

Email Threat Trends Report: Q2 2025

8/4/2025

Recent Statistics & Reports

58% of phishing sites now use unidentifiable phishing kits.

8/4/2025
EmailPhishingPhishing kit

Among the unidentifiable phishing kits used by phishing sites, 16shop accounts for 7%.

8/4/2025
EmailPhishingPhishing kit

Among the unidentifiable phishing kits used by phishing sites, Evilginx accounts for 20%.

8/4/2025
EmailPhishingPhishing kit

Among the unidentifiable phishing kits used by phishing sites, Tycoon 2FA accounts for 10%.

8/4/2025
EmailPhishingPhishing kit

The use of URL shorteners accounts for 7% of phishing delivery.

8/4/2025
EmailPhishingPhishing delivery

PDFs remain the preferred vehicle for delivering malicious attachments in phishing, at 64%.

8/4/2025
EmailPhishingPhishing delivery

The most observed phishing exploitation mechanisms are HTTP POST to remote server accounting (52%) and email exfiltration (30%).

8/4/2025
EmailPhishing

Lumma Stealer is the most encountered malware family found in the wild during Q2 and is often delivered via malicious .docx, .html, or .pdf attachments, or through phishing links hosted on compromised or legitimate-looking cloud services such as OneDrive, and Google Drive.

8/4/2025
EmailPhishingLumma Stealer

Swedish and Norwegian targets comprise a combined 19% of BEC targets.

8/4/2025
EmailPhishingBEC

For Business Email Compromise (BEC) attacks, English-speaking executives remain the most targeted at 42%.

8/4/2025
EmailPhishingBEC

A significant portion of BEC targets are Danish, at 38%.

8/4/2025
EmailPhishingBEC

Retail was the second most targeted sector for email-based attacks in Q2 2025, accounting for 20% of attacks.

8/4/2025
EmailPhishingRetail

Swedish language use in BEC scams is 3.8%.

8/4/2025
EmailPhishingBEC

Norwegian language use in BEC scams is 1.5%.

8/4/2025
EmailPhishingBEC

After CEOs and executives, the remaining BEC impersonation efforts are aimed at directors and managers (9%), HR personnel (4%), IT staff (3%), and school heads (2%).

8/4/2025
EmailPhishingBEC

Financial lures are the number one ploy in phishing emails, representing 35% of samples.

8/4/2025
EmailPhishingPhishing lure

Account verification and updates account for 20% of approaches in phishing emails.

8/4/2025
EmailPhishingPhishing lure

Compromised websites are the second most prevalent link delivery method, at 30%.

8/4/2025
EmailPhishingPhishing delivery

Among the unidentifiable phishing kits used by phishing sites, other generic kits account for 5%.

8/4/2025
EmailPhishingPhishing kit

Package delivery messages account for 5% in phishing emails.

8/4/2025
EmailPhishingPhishing lure

Showing first 20 results

Top Categories

Email
30
Phishing
30
BEC
8
Phishing lure
8
Phishing kit
5
Phishing delivery
4
Sweden
2
Norway
2

Related Vendors

Paubox
3 stats
Bitdefender
7 stats
Deskpro
7 stats
LevelBlue
10 stats
Global Relay
7 stats
RSA
19 stats