In attachment-based campaigns, people were most likely to open certain file types: PDFs (53%), HTML files (28.5%), Word files (18.5%).

Bitcoin sextortion scams account for 12% of malicious PDF attachments.

68.6% of clicked links involved domain spoofing.

Link usage accounted for 75% of phishing attempts in Q1 2024.

Link usage dropped by 42% in Q1 2025 compared to Q1 2024.

Callback scams now account for nearly one in five attempts.

83% of malicious Microsoft documents contain QR codes designed to take users to phishing websites.

As many as 20% of organizations experienced at least one attempted or successful account takeover (ATO) incident per month.

92% of the emails processed by VIPRE were spam.

Callback phishing accounted for 16% of phishing attempts in Q1 2025.

SVG files are used in 34% of phishing attacks as favoured attachments.

PDF attachments are used in 36% of phishing attacks as favoured attachments

47% of email domains do not have Domain-based Message Authentication, Reporting and Conformance (DMARC) configured to protect against unauthorized use, including spoofing and impersonation attacks.

60.7% of the phishing simulations that were clicked mentioned an internal team.

Internal communications are a significant driver of phishing failures. Emails impersonating internal teams, particularly HR and IT, received the most failures in phishing simulations.

23% of HTML email attachments are malicious, making them the most weaponized text file type detected. More than three-quarters of the malicious files detected overall were HTML files.

68% of malicious PDF attachments contain QR codes designed to take users to phishing websites.

49.7% of clicked phishing simulations mentioned HR.

In attachment-based campaigns, people were most likely to open certain file types: PDFs (53%), HTML files (28.5%), Word files (18.5%).

35.9% of AI-generated content flows into email and messaging platforms.