According to Kaspersky telemetry, almost every second email – 44.99% of global traffic – was spam in 2025. Spam consists not only of unsolicited emails, but can also include various email threats such as scam, phishing and malware. In 2025, individuals and corporate users encountered over 144 million malicious and potentially unwanted email attachments, representing a 15% increase compared to the previous year figures.
In 2025, APAC including Pakistan had the largest share of email antivirus detections: it reached 30%, followed by Europe with 21%. Next came Latin America (16%) and the Middle East (15%), Russia and CIS (12%) and Africa (6%). As for individual countries, China had the highest rate of malicious and potentially unwanted email attachments, with the share of email antivirus detections of 14%. Russia ranked second (11%), followed by Mexico (8%), Spain (8%) and Turkey (5%). Email antivirus detections peaked moderately in June, July and November.
Kaspersky’s annual analysis has also identified several persistent trends in the email spam and phishing threat landscape that are expected to continue into 2026. Attackers lure email users into switching to messengers or calling fraudulent phone numbers. For instance, scam investment mailings may redirect victims to fake websites, where they are asked to provide their contact information, and then cybercriminals will follow up with a phone call.
Threat actors frequently try to disguise phishing URLs, for example, with the help of link protection services and QR codes. Kaspersky experts discovered a fraudulent tactic that abuses OpenAI’s organization creation and team invitation features to send spam emails from legitimate OpenAI addresses, potentially tricking users into clicking scam links or dialing fraudulent phone numbers. Additionally, a calendar-based phishing scheme, which originated in the late 2010s, resurfaced last year with a focus on corporate users. In 2025 attackers attempted to become even more persuasive by incorporating fake forwarded emails into their correspondence.
“Email phishing shouldn’t be underestimated. Our report reveals that one in ten business attacks starts with phishing, with a significant proportion being Advanced Persistent Threats (APTs). In 2025, we saw an increase in the sophistication of targeted email attacks. Even the smallest details are meticulously crafted in these malicious campaigns, including the composition of sender addresses and the tailoring of content to real corporate events and processes. The commodification of generative AI has significantly amplified this threat, enabling attackers to craft convincing, personalized phishing messages at scale with minimal effort, automatically adapting tone, language and context to specific targets,” comments Roman Dedenok, anti-spam expert at Kaspersky.
