Cybercriminals are increasingly adopting low-tech, human-centric approaches to circumvent email scanning technologies, according to a recent report from VIPRE Security. As of the first quarter of 2025, a staggering 92% of all emails were classified as spam, with 67% of those deemed malicious. This significant increase in spam is attributed in part to the growing incidence of callback phishing scams, now accounting for 16% of all phishing attempts.
Previously dominated by link-based phishing attempts, which represented 75% of attacks in Q1 2024, cybersecurity trends are shifting as attackers exploit callback phishing tactics. In these attacks, victims are lured into calling a seemingly legitimate number through deceptive emails or texts, prompting them to divulge sensitive information or download malware. This shift highlights the effectiveness of these tactics, as they leave little to no trace, successfully dodging advanced email scanning technologies.
The IPRE report also noted that SVG files have emerged as a favored type of attachment for phishing attempts, comprising 34% of cases, closely following PDF attachments at 36%. By embedding malicious scripts within SVG files, cybercriminals can execute harmful JavaScript, redirecting unsuspecting users to compromised websites and bypassing anti-phishing defenses. The US remains the most targeted region for such attacks, with Europe following closely behind.
Notably, XRed backdoor malware topped the list of threats in Q1 2025, constituting the majority of malware attacks, significantly exceeding attacks from other families such as Lumma. Additionally, Business Email Compromise (BEC) threats made up 37% of all email scams, primarily impersonating high-ranking officials like CEOs, making urgent requests appear plausible. These developments signal an urgent need for businesses to rethink their email security strategies. “There’s a clear shift in cybercriminals’ preference towards low-tech, high-impact, human-centric tactics,” stated Usman Choudhary, Chief Product and Technology Officer at VIPRE Security Group, underscoring the pressing need for enhanced security measures in the digital age.