ISLAMABAD — Cybersecurity company Kaspersky says malicious email activity increased sharply in 2025, with more than 144 million harmful or potentially unwanted email attachments detected globally — a 15% rise compared to the previous year.
According to the company’s annual analysis, nearly 45% of global email traffic in 2025 was classified as spam. The findings indicate that both individuals and businesses were affected, with phishing, scam messages and malware distributed through email remaining a primary entry point for cyberattacks.
Regional trends and country data
The Asia-Pacific region, including Pakistan, recorded the highest share of email antivirus detections at 30%, followed by Europe at 21%. Latin America accounted for 16%, the Middle East 15%, Russia and CIS countries 12%, and Africa 6%.
At the country level, China reported the highest rate of malicious and potentially unwanted email attachments at 14%. Russia followed at 11%, while Mexico and Spain each recorded 8%, and Turkey 5%. Email antivirus detections showed moderate peaks in June, July and November.
Evolving phishing tactics
Kaspersky’s report highlights continued changes in phishing and spam techniques. Attackers increasingly redirect users from email to messaging platforms or fraudulent phone numbers. In some cases, investment scam emails lead recipients to fake websites where they are prompted to share contact details before being contacted directly by cybercriminals.
Also Read: Nearly 90% of phishing attacks aim to steal online account credentials, Kaspersky finds
Threat actors are also disguising phishing links using link protection services and QR codes. The company said it identified cases where attackers misused OpenAI’s organization creation and team invitation features to send spam emails from legitimate OpenAI addresses, increasing the likelihood that recipients would trust the message.
A calendar-based phishing scheme, first seen in the late 2010s, re-emerged in 2025 with a focus on corporate users. According to Kaspersky, attackers enhanced their credibility by inserting fake forwarded messages into email threads.
Roman Dedenok, an anti-spam expert at Kaspersky, said email phishing remains a significant threat, noting that one in ten business attacks begins with phishing. He added that the wider availability of generative artificial intelligence tools has enabled attackers to produce more convincing and personalized messages at scale.
Safety recommendations
Kaspersky advised users to treat unsolicited invitations or requests with caution, even if they appear to come from trusted platforms. The company recommends carefully reviewing website addresses before clicking links and avoiding phone numbers provided in suspicious emails.
For organizations, the firm said multi-layered email security systems and up-to-date protection across all employee devices, including smartphones, remain essential to reducing risk.
Today's E-Paper