According to the latest Kaspersky telemetry report, in 2025 almost one in every two emails, 44.99% of global traffic, was spam. These types of messages are not limited to spam, but include different threats such as scams, phishing, and malware. Throughout the year, individual and corporate users faced more than 144 million malicious or potentially unwanted email attachments, a 15% increase over the previous year.

Countries most affected by malicious email campaigns

In 2025, the Asia-Pacific region will have the largest proportion of email antivirus detections, at 30%, followed by Europe (21%). This was followed by Latin America (16%), the Middle East (15%), Russia and the CIS (12%) and Africa (6%).

By country, China has recorded the highest rate of malicious and potentially unwanted attachments, with 14% of total email antivirus detections. They were followed by Russia (11%), Mexico (8%), Spain (8%) and Türkiye (5%).

Email cyber threat detections reached moderate peaks in the months of June, July and November, according to the Kaspersky telemetry report.

Top trends in spam and phishing

Kaspersky’s annual analysis identifies several persistent trends in the email spam and phishing landscape, which are expected to continue throughout 2026.

One of them is the combination of different communication channels. Cybercriminals use email as an entry point to redirect victims to messaging apps or fraudulent phone calls. For example, some fake investment campaigns lead to fraudulent websites that ask for contact information, after which cybercriminals continue the scam with a phone call.

Another trend is the use of increasingly sophisticated evasion techniques in malicious and phishing emails. Malicious actors try to hide fraudulent URLs by using, for example, link protection services or QR codes. These codes are often embedded directly into the body of the email or attached PDF files, which not only hides the malicious link but encourages users to scan them from mobile devices, which often have less robust security measures than corporate computers.

There is also an increasing use of legitimate platforms as an attack vector. Kaspersky experts detected a fraudulent technique that abuses OpenAI’s organization creation and team invitation features to send spam emails from legitimate addresses, with the goal of inducing users to click on fraudulent links or call fake phone numbers. Additionally, calendar-based phishing, a technique that emerged in the late 2010s, reappeared last year with a special focus on corporate users.

Experts have also detected campaigns that impersonate popular digital services to steal credentials. Among them, phishing attempts that offer supposed free subscriptions to Telegram Premium and redirect to fake pages where the user’s phone number and verification code are requested.

Difficulty verifying authenticity

In the area of ​​business email compromise (BEC), cybercriminals have refined their tactics by incorporating supposedly forwarded emails into their messages. These emails lack certain technical headers, making it difficult to verify their authenticity within an email conversation.

“Email phishing should not be underestimated. Our report reveals that one in ten attacks targeting businesses begin with phishing, and a significant portion corresponds to advanced persistent threats (APTs). In 2025 we see an increase in the sophistication of targeted email attacks. Even the smallest details are taken care of, from the composition of sender addresses to the adaptation of content to real corporate events and processes. The popularization of generative artificial intelligence has significantly amplified this threat, allowing cybercriminals to create compelling, personalized phishing messages at scale, with minimal effort, automatically adjusting the tone, language and context to each target,” says Roman Dedenok, anti-spam expert at Kaspersky.

The report reveals that one in ten attacks targeting businesses begins with phishing

For an in-depth look at the spam and phishing threat landscape, you can check out Securelist.

Top security recommendations according to Kaspersky

• Be wary of unsolicited invitations from any platform, even if they appear to come from legitimate sources.

• Review URLs carefully before clicking on links included in emails.

• Do not call phone numbers indicated in suspicious messages. If it is necessary to contact the support service of a platform, it is advisable to look for the number on its official website.

• In corporate environments, use security solutions for mail servers, such as Kaspersky Security for Mail Server, with multi-layered defense mechanisms based on machine learning, capable of detecting advanced threats.

• Ensure that all employee devices, including smartphones, have appropriate security solutions.

• Conduct regular training to educate employees on the latest phishing techniques and deception methods used in malicious email campaigns.

Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.