Callback scams vie for top phishing vector position, SVG image files bypass defenses, and XRed is the malware family of the quarter
LONDON, April 28, 2025 /PRNewswire/ -- VIPRE Security Group, a global leader and award-winning cybersecurity, privacy, and data protection company, has released its email threat landscape report for Q1 2025. This report, based on an analysis of global real-world data, highlights the most significant email security trends from the first quarter of 2025, to enable organisations to strategise their email security defenses for the year ahead. VIPRE processed 1.45 billion emails globally, of which a whopping 92% were spam.
Callback phishing battles links, pushing for the top spot
Cybercriminals are taking the sentiment "work smarter, not harder" to a whole other level with callback phishing scams, a vector that wasn't even part of the equation last year. In Q1 2025, it accounts for 16% of phishing attempts. This is pertinent because link usage, which accounted for 75% of phishing attempts in Q1 2024, dropped by 42% in Q1 2025, making room for callbacks, which now account for nearly one in five attempts. With email scanning technology now adept at spotting compromised links, cybercriminals are resorting to callback scams via emails that leave no trace at all.
Callback phishing is a social engineering attack where victims are tricked into calling a seemingly legitimate phone number through emails or texts to reveal sensitive information or download malware.
SVG phishing on the rise
SVG files are fast becoming cybercriminals' favoured types of attachments (34%) for phishing attacks, coming a close second to PDF attachments (36%). By embedding the
