Nearly 45% of global emails are spam, phishing, and malware.

On February 24th, security firm Kaspersky released monitoring data showing that 2025 will see an alarming rate of spam: for every two emails sent, one will be spam, accounting for 44.99% of total global email traffic.

In particular, individual users and businesses faced more than 144 million malicious email attachments or potentially risky files, a 15% increase compared to the previous year.

Spam and phishing emails are rampant.

The Asia- Pacific (APAC) region recorded the highest rate of malware email detections, at 30%, followed by Europe (21%). Looking at individual countries, China recorded the highest rate of spam (emails containing malicious or suspicious attachments), accounting for 14% of total detections.

According to Kaspersky experts' analysis, a prominent trend among cybercriminals when deploying spam and phishing campaigns via email is the combination of multiple communication channels.

Accordingly, attackers seek to lure email users into exchanging messages via messaging apps or calling fraudulent phone numbers. For example, investment scam emails may lead victims to fake websites. There, they request victims to provide contact information, then contact them via phone calls to continue the scam.

Cybercriminals also employ a variety of camouflage techniques in phishing emails and emails containing malicious files or links. Threat actors often try to disguise phishing links, for example by using link protection services or QR codes. These QR codes are often embedded directly into the email content or attached to PDF files.

In this way, they not only disguise the phishing link but also trick users into scanning the code with their mobile phones. Mobile devices often have weaker security layers compared to business computers, so malicious actors can exploit this vulnerability.

What can be done to prevent it?

Roman Dedenok, an anti-spam analyst at Kaspersky, commented: “We shouldn’t underestimate the risk of phishing attacks via email. Our report shows that one in ten business attacks originates from email phishing, and a significant portion of these are targeted, sustained attacks (APTs).”

In 2025, we see targeted email attacks becoming increasingly sophisticated. Attackers meticulously prepare and impersonate even the smallest details, from creating sender addresses to personalizing content to match actual business events and processes.”

To minimize risks for individual and business users, Kaspersky experts recommend that users always be wary of unwanted invitations from any platform, even if these emails appear to come from a trustworthy source.

Users should get into the habit of carefully checking links (URLs) before clicking on them. Do not call phone numbers provided in suspicious emails. If you need to contact customer support for a service, find the phone number on the service's official website.

For business users, many current security solutions feature multi-layered defense mechanisms, supported by machine learning algorithms, providing robust protection against increasingly sophisticated threats and enabling businesses to proactively respond to growing cybersecurity risks.

Businesses should also ensure all employee devices, including smartphones, are equipped with reliable security software. They should also provide regular training to employees on modern phishing and fraud tactics.