What security teams miss in email attacks
Email remains the most common entry point for attackers. This article examines how phishing, impersonation, and account takeover continue to drive email breaches and expose growing security gaps across industries.

Email blind spots are back to bite security teams
Email remains the primary entry point for compromise. Malware in email increased by more than 130% year over year. Scams rose by more than 30% and phishing increased by more than 20%. These categories continue to drive most of the operational impact that organizations experience, including account compromise and business disruption.

Email breaches are the silent killers of business growth
78% of organizations were hit by an email breach in the past 12 months. Phishing, impersonation, and account takeover continue to drive incidents that often lead to ransomware and data loss. Phishing and spear phishing were the most common breach types, followed by business email compromise and account takeover. These attacks often overlap. A single phishing email can expose credentials that attackers later use to impersonate staff, steal data, or spread malware across the network.

Cybercriminals are getting personal, and it’s working
For the sixth quarter in a row, the manufacturing sector remains the prime target for cybercriminals. In Q2 2025, manufacturers faced the highest volume of email-based attacks, 26% of all incidents, encompassing BEC, phishing, and malspam threats. Retail follows, accounting for 20% of attacks, with healthcare close behind at 19%, reflecting a consistent trend observed since last year and through Q1 2025.

Email security risks healthcare IT can’t afford to ignore
Email remains one of the biggest security risks in healthcare. Outdated systems and frustrating tools often lead staff to bypass security measures, leaving patient data exposed.

Employees repeatedly fall for vendor email compromise attacks
In just 12 months, attackers attempted to steal more than $300 million via vendor email compromise (VEC), with 7% of engagements coming from employees who had engaged with a previous attack. Employees struggle to differentiate between legitimate messages and attacks, especially when those emails appear to come from a trusted vendor. Employees in the largest organizations, with workforces of 50,000 or more, had the highest rate of second-step engagement with VEC.

Low-tech phishing attacks are gaining ground
Cybercriminals are taking the sentiment “work smarter, not harder” to a whole other level with callback phishing scams, a vector that wasn’t even part of the equation last year. In Q1 2025, it accounted for 16% of phishing attempts. This is pertinent because link usage, which accounted for 75% of phishing attempts in Q1 2024, dropped by 42% in Q1 2025, making room for callbacks, which now account for nearly one in five attempts. Callback phishing is a social engineering attack in which victims are tricked, via email or text, into calling a seemingly legitimate phone number, where they are persuaded to reveal sensitive information or download malware.

Only 1% of malicious emails that reach inboxes deliver malware
99% of email threats reaching corporate user inboxes in 2024 were response-based social engineering attacks or contained phishing links. Only 1% of malicious emails that reached user inboxes delivered malware. This shows that while common pre-delivery email defenses are effective at stopping malware, they are far less capable of blocking high-risk threats such as business email compromise and credential phishing.

Nine out of ten emails are spam
Now, more than ever, users can fall prey to word-perfect AI-created phishing campaigns, subtle BEC messages that sound remarkably like the sender, and highly convincing ploys from trusted vendors with legitimate-looking websites and clean domains. 9 out of 10 emails were categorised as spam – i.e., unsolicited, unwanted emails or those sent with malicious intent. Of the never-seen-before spam emails, 37% were commercial, 32% were scams, and 21% were phishing.
